I opened the zip file and it contained one file called "1.cpl" (without the
quotes). Some sort of malicious Control Panel applet?
----- Original Message -----
From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]>
To: <Declude.Virus@declude.com>
Sent: Monday, September 12, 2005 11:55 AM
Subject: RE: [Declude.Virus] Seemingly bad virus this morning
What is the payload inside the zip?
John T
eServices For You
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Matt
Sent: Monday, September 12, 2005 7:52 AM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] Seemingly bad virus this morning
FYI, We found a rapidly spreading zip virus beginning at about 8:15 a.m.
this morning, first coming from Eastern Europe. McAfee seems to be
detecting all of them now, but F-Prot as of this moment is not on our
system. Every attachment name seemingly contained the word "price".
Here's a quick filter that I had put together for it:
HEADERS END NOTCONTAINS boundary="--------
BODY END NOTCONTAINS attachment; filename="
BODY END NOTCONTAINS .zip" Content-Transfer-Encoding
BODY 15 CONTAINS price
Matt
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
-------------------------------------------------------------------
E-mail scanned for viruses by Nexus (http://www.ntgrp.com/mailscan)
-------------------------------------------------------------------
E-mail scanned for viruses by Nexus (http://www.ntgrp.com/mailscan)
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.