I'm getting LOTS of unknown viruses with Subject lines that look like W32/[EMAIL PROTECTED]
http://vil.nai.com/vil/content/v_101083.htm

McAfee does not yet have DAT 4335 released. Netsky.J likes to use *.pif files.


Question:
How do we expect the new vulnerability tests for *.pif files to appear?

Declude Virus Ver. 1.78i11 caught the Unknown Virus virus in Unknown File
from [EMAIL PROTECTED]. to: [EMAIL PROTECTED].

Date: 03/08/2004 14:39:19
Subject: Re: Word file
Spool File: Dcbc1003201a89dfa.SMD
Remote IP: 63.251.31.9

In or Out: incoming
recipient host: thecourier.com
Sender Host: .dc.

Headers:
Received: from thecourier.com [63.251.31.9] by aristotle.thecourier.com with ESMTP
(SMTPD32-8.05) id ABC13201A8; Mon, 08 Mar 2004 14:38:41 -0500
From: [EMAIL PROTECTED].
To: [EMAIL PROTECTED]
Subject: Re: Word file
Date: Mon, 8 Mar 2004 14:39:15 -0500
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0007_00004DE0.00004424"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <[EMAIL PROTECTED]>
X-IMAIL-SPAM-DNSBL: (fiveten,3277224,internap.com.spam-support.blackholes.five-ten-sg.com)


Or similar to this:
Declude Virus Ver. 1.78i11 caught the [Outlook 'CR' Vulnerability] virus in [No attachment]
from [EMAIL PROTECTED] to:  [EMAIL PROTECTED].

Date:       03/08/2004 14:44:16
Subject:    you could be john holmes
Spool File: Dcd0614ef022c9307.SMD
Remote IP:  4.60.6.94

-- 

	Greg Little
--- [This E-mail scanned for viruses by Findlay Internet] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
