On Sat, 13 Mar 2004, Peter Bonivart wrote: > > password-encrypted archive virus now distributes itself in an encrypted > > rar file, and the password is an attached bitmap to eliminate the > > possibility of using the password in the body of the message to open the > > archive in antivirus programs. >
We got one which is a .zip, not a .rar which uses the same tactic. See www.nsci.us/~ewheeler/v.bmp for the image which holds the password. If anyone wants a sample, let me know. Extracted, clam detects this as Worm.Bagle.N. -- Eric Wheeler Vice President National Security Concepts, Inc. PO Box 3567 Tualatin, OR 97062 http://www.nsci.us/ Voice: (503) 293-7656 Fax: (503) 885-0770 ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users