{Spam?} New Trojan
Hugo van der Kooij
hvdkooij at vanderkooij.org
Sun Jul 27 09:07:13 IST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Randal, Phil wrote:
| New Trojan
| Folks, there's a new trojan being bulk spammed.
| Block the attachment Tax_Invoice.zip if you can.
It seems it is a variation of something going on for years. In fact this
~ new set seems to be in use 3 weeks ago in Germany. Just with different
slogans.
Last year in April I have gathered some info from raw data from which we
estimated that 110 new variants popup daily. There is no way you can
tackle this with patterns.
I think it is vital to use anti-spam tactics on each message. It will be
less and less likely that your pattern based scanner will detect the
first wave of of a new variant. But they will still have lots of the
other characteristics that spam and malware have show over the years.
So in doing a bit of poking around on this one will also result in the
answer to the issue of wether or not it is smart to stop spam scanning
if you find a virus: It is NOT smart.
Hugo.
- --
hvdkooij at vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?
Bored? Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFIjCyvBvzDRVjxmYERAi4AAJ0TQbWP94XowW2vJzFTCyn7ymfJ6wCbBDNl
Oft2f6/floEGyDG00G8oSN0=
=Ovz9
-----END PGP SIGNATURE-----
More information about the MailScanner
mailing list