Why not catch it with fewer resources via banning hta files and BANZIPEXTS and BANEZIPEXTS?

 

John T

eServices For You

 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Panda Consulting S.A. Luis Alberto Arango
Sent: Wednesday, January 25, 2006 4:56 PM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] Virus Feebs variant warning

 

I just got a message from a gmail account (forged) with a data.zip attached. It has an hta file inside.

subject: Secure Mail
The body says

ID: 46271
Password: zgbvndwdx

Message is attached.

Sincerely,
Protected Mail System,
Gmail.com

Using virustotal.com, it is only caught by very few companies.

This is a report processed by VirusTotal on 01/26/2006 at 01:38:32 (CET) after scanning the file "data.zip" file.

Antivirus            Version          Update       Result
AntiVir              6.33.0.77        01.25.2006   no virus found
Avast                4.6.695.0        01.25.2006   no virus found
AVG                  718              01.25.2006   Worm/Feebs
Avira                6.33.0.77        01.25.2006   no virus found
BitDefender          7.2              01.26.2006   no virus found
CAT-QuickHeal        8.00             01.25.2006   no virus found
ClamAV               devel-20051123   01.26.2006   no virus found
DrWeb                4.33             01.25.2006   Win32.HLLM.Graz
eTrust-InoculateIT   23.71.60         01.25.2006   no virus found
eTrust-Vet           12.4.2056        01.25.2006   Win32/Feeb!ZIP
Ewido                3.5              01.25.2006   no virus found
Fortinet             2.54.0.0         01.26.2006   JS/Feebs.fam-mm
F-Prot               3.16c            01.25.2006   no virus found
Ikarus               0.2.59.0         01.25.2006   no virus found
Kaspersky            4.0.2.24         01.25.2006   Worm.Win32.Feebs.gen
McAfee               4682             01.25.2006   no virus found
NOD32v2              1.1380           01.25.2006   JS/TrojanDownloader.Tivso.gen
Norman               5.70.10          01.25.2006   JS/[EMAIL PROTECTED]
Panda                9.0.0.4          01.25.2006   no virus found
Sophos               4.01.0           01.25.2006   no virus found
Symantec             8.0              01.26.2006   W32.Feebs
TheHacker            5.9.3.081        01.26.2006   no virus found
UNA                  1.83             01.25.2006   no virus found
VBA32                3.10.5           01.25.2006   no virus found

 

F-Prot, McAfee, ClamAV are not catching it.

 

Meanwhile I am banning it via the body of the email. Catching "Protected Mail System"
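
The reply at the top of the thread suggests banning by file extension inside zip attachments rather than waiting for signatures. The sketch below is an added example, not part of the thread and not Declude's code: `banned_members`, `make_sample` and the ban list are hypothetical names, and the sample archives are constructed with placeholder content. It also shows why the check still works on a password-protected zip: member names sit unencrypted in the central directory.

```python
import io
import zipfile

BANNED_EXTS = {".hta"}  # assumed ban list; the thread names only .hta

def banned_members(zip_bytes, banned=BANNED_EXTS):
    """Return [(name, encrypted)] for archive members with a banned extension,
    or None if the attachment is not a readable zip."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return None
    hits = []
    with zf:
        for info in zf.infolist():
            # Windows ignores trailing dots and spaces, so strip them first.
            base = info.filename.rsplit("/", 1)[-1].rstrip(". ").lower()
            ext = "." + base.rsplit(".", 1)[1] if "." in base else ""
            # Bit 0 of the general-purpose flags marks an encrypted member.
            # Names live in the central directory, which traditional zip
            # encryption leaves in the clear, so no password is needed.
            if ext in banned:
                hits.append((info.filename, bool(info.flag_bits & 0x1)))
    return hits

def make_sample(names, mark_encrypted=False):
    """Constructed test archive with harmless placeholder content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, "placeholder")
    data = bytearray(buf.getvalue())
    if mark_encrypted:
        # zipfile cannot write encrypted members, so set the flag bit by hand
        # in each central directory header (signature PK\x01\x02, flags at +8).
        pos = data.find(b"PK\x01\x02")
        while pos != -1:
            data[pos + 8] |= 0x01
            pos = data.find(b"PK\x01\x02", pos + 4)
    return bytes(data)

if __name__ == "__main__":
    print(banned_members(make_sample(["data.hta", "readme.txt"])))
    print(banned_members(make_sample(["Data.HTA."], mark_encrypted=True)))
    print(banned_members(b"not a zip"))
```

A `None` result (unreadable archive) is best treated as its own quarantine case rather than as a pass.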

 
