New Trojan

Anthony Peacock a.peacock at chime.ucl.ac.uk
Thu Jul 24 15:34:45 IST 2008 

Randal, Phil wrote:
> Different trojan, which ClamAv has been catching for days.

Ahh! OK!  I haven't yet seen any of the ones you are describing.



> 
> Cheers,
> 
> Phil
> 
> --
> Phil Randal
> Networks Engineer
> Herefordshire Council
> Hereford, UK
> 
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Anthony
> Peacock
> Sent: 24 July 2008 15:19
> To: MailScanner discussion
> Subject: Re: New Trojan
> 
> Randal, Phil wrote:
>> Not according to VirusTotal!
>>
>> ClamAV, Microsoft, and VBA32 are the only ones which dtect my sample.
> 
> OK, it may have morphed, but Sophos has been detecting something in the
> UPS invoice zip files, which clamav didn't since the weekend.
> 
> "The following e-mails were found to have: Virus Detected
> 
>      Sender: tequilas25 at hotmail.com
> IP Address: 75.147.196.1
>   Recipient: ecits-enquiries at chime.ucl.ac.uk,
> ecm-support at chime.ucl.ac.uk
>     Subject: UPS Tracking Number 7282167863
>   MessageID: m6M1QGRq014777
> Quarantine: /var/spool/MailScanner/quarantine/20080722/m6M1QGRq014777
>      Report: SophosSAVI: UPS_INVOICE_978172.zip was infected by
> Troj/Agent-HFZ"
> 
> As I say, I have no way of knowing if this is the same thing as what you
> are seeing, but Sophos detected it and clamav didn't, and it was coming
> in similar emails to those you are describing.
> 
> --
> Anthony Peacock
> CHIME, Royal Free & University College Medical School
> WWW:    http://www.chime.ucl.ac.uk/~rmhiajp/
> Study Health Informatics - Modular Postgraduate Degree
> http://www.chime.ucl.ac.uk/study-health-informatics/
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 


-- 
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW:    http://www.chime.ucl.ac.uk/~rmhiajp/
Study Health Informatics - Modular Postgraduate Degree
http://www.chime.ucl.ac.uk/study-health-informatics/

More information about the MailScanner mailing list