Looks like a match for this new worm W32/Wallon.worm.a http://vil.nai.com/vil/content/v_125096.htm The message body simply contains a hyperlink, which is designed to trick users into thinking that they are going to a Yahoo News site, when in fact they are redirected to a page on the www..security-warning..biz domain.Extra "."s added to address. Greg Email Admin wrote:
--- [This E-mail scanned for viruses by Findlay Internet] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. |
- [Declude.Virus] RE Mass mailing maybe new virus Email Admin
- Re: [Declude.Virus] RE Mass mailing maybe new virus Greg Little
- Re: [Declude.Virus] RE Mass mailing maybe new virus Matt
- RE: [Declude.Virus] RE Mass mailing maybe new viru... Douglas Cohn
- Re: [Declude.Virus] RE Mass mailing maybe new ... Matt
- [Declude.Virus] .smd files in c:/ Tim Cook
- Re: [Declude.Virus] .smd files in c:/ R. Scott Perry
- RE: [Declude.Virus] .smd files in... Tim Cook
- RE: [Declude.Virus] .smd file... R. Scott Perry
- RE: [Declude.Virus] .smd file... Tim Cook
- RE: [Declude.Virus] .smd file... R. Scott Perry
- Re: [Declude.Virus] .smd file... Darin Cox