New Trojan

Martin.Hepworth martinh at solidstatelogic.com
Thu Jul 24 16:56:06 IST 2008


Coming in thick and fast here... well, relatively: 4 an hour, when we'd normally see 4 viruses a week max in the last few months.

Now migrated to Rechnung______.exe

Which is German for Invoice!

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf
> Of Alex Broens
> Sent: 24 July 2008 16:23
> To: MailScanner discussion
> Subject: Re: New Trojan
>
> On 7/24/2008 4:58 PM, Anthony Cartmell wrote:
> >>> Not according to VirusTotal!
> >>>  ClamAV, Microsoft, and VBA32 are the only ones which detect my sample.
> >>
> >> OK, it may have morphed, but Sophos has been detecting something in
> >> the UPS invoice zip files, which clamav didn't since the weekend.
> >
> > It seems to be morphing quite a bit, and clamav has had several more
> > updates: I'm seeing 7814 at the mo.
> >
>
> are the file names consistent?
>
> if yes, a SA mimeheader header rule can do the magic
>
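The file-name check suggested in the quoted reply, as an added Python example that is not from the thread or from MailScanner or SpamAssassin. The lure stems in the regex, the zip member name and the helper functions are assumptions built from the names mentioned above, and the check goes one step further than a header rule by also listing names inside zip attachments.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: lure stems taken from the names mentioned in the thread.
LURE_EXE = re.compile(r"(rechnung|invoice)[^/\\]*\.(exe|scr|pif|com)$", re.I)


def attachment_names(msg):
    """Yield (container, name) for each attachment and each zip member."""
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        yield ("mime", name)
        if name.lower().endswith(".zip"):
            data = part.get_payload(decode=True) or b""
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for member in zf.namelist():
                        yield (name, member)
            except zipfile.BadZipFile:
                # Surface unreadable archives to callers of this generator.
                yield (name, "<unreadable zip>")


def suspicious(raw):
    """Return (container, name) pairs whose name matches the lure pattern."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [(c, n) for c, n in attachment_names(msg) if LURE_EXE.search(n)]


def build_sample(filename, payload):
    """Constructed test message; payload bytes are inert placeholders."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("constructed sample body")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


def build_zip(member):
    """Constructed zip holding one inert member with the given name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"inert placeholder")
    return buf.getvalue()
```

A name-only check like this stops working as soon as the file names change, which is why the reply asks first whether they are consistent.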
