-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
Sent: Monday, October 02, 2006 3:49 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] stration work

Those of us still running F-Prot* as a primary virus scanner will want to add one or both of these to their virus.cfg in order to block notifications for detection of the Stration malware:

FORGINGVIRUS W32/Tricky-Malware-based!Maximus
FORGINGVIRUS Tricky-Malware-based!

The first is the most explicit, and the second is a fragment that will catch future detections that are based on heuristics.

And in the unlikely event that someone is using Trend Micro OfficeScan or SysClean:

FORGINGVIRUS Possible_Strat-2
FORGINGVIRUS Possible_

Andrew 8)

* The "new" price is unjustifiably high for using fpcmd on a mailserver. Plan to switch to a different vendor before you renew this licence.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher
Sent: Monday, October 02, 2006 7:27 AM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] stration work

It looks like the Stration worm is causing backscatter today:

The W32/Stration.dr virus drops the mass mailing worm W32/[EMAIL PROTECTED]. that uses its own SMTP engine to send itself to the email addresses that it harvests on the infected computer. The W32/Stration.dr is written using Microsoft Visual C++ and also contains functionality to connect to a remote web server to download a file.

I've added it as a forging virus.

-----------------------------------------------------
Scott Fisher
Director of IT
Farm Progress Companies
191 S Gary Ave
Carol Stream, IL 60188
630-462-2323
---
This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
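
An added example, not part of the thread and not Declude's code: it loads the FORGINGVIRUS entries quoted above and shows which scanner detection names each one would cover, including how the short fragments make the explicit entries redundant and widen what gets suppressed. Case-insensitive substring matching is an assumption drawn from the "fragment" wording in the thread, and every detection name containing "Hypothetical" is constructed.

```python
# Added example. Substring matching is an assumption based on the thread's
# "fragment" wording; it is not taken from Declude's implementation.

# Constructed virus.cfg excerpt holding the four entries quoted in the thread.
SAMPLE_CFG = """\
FORGINGVIRUS W32/Tricky-Malware-based!Maximus
FORGINGVIRUS Tricky-Malware-based!

FORGINGVIRUS Possible_Strat-2
FORGINGVIRUS Possible_
"""

def parse_forging_entries(cfg_text):
    """Return the FORGINGVIRUS values in file order, ignoring other lines."""
    entries = []
    for raw in cfg_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) == 2 and parts[0].upper() == "FORGINGVIRUS":
            entries.append(parts[1].strip())
    return entries

def matching_entry(detection, entries):
    """Return the first entry contained in the scanner's detection name."""
    name = detection.lower()
    for entry in entries:
        if entry.lower() in name:
            return entry
    return None

def should_notify_sender(detection, entries):
    """A forging virus spoofs the sender, so a match suppresses the notice."""
    return matching_entry(detection, entries) is None

def shadowed_entries(entries):
    """Entries that contain another, shorter entry and so add no coverage."""
    return [e for e in entries
            if any(o != e and o.lower() in e.lower() for o in entries)]

if __name__ == "__main__":
    entries = parse_forging_entries(SAMPLE_CFG)
    # The first two names appear in the thread; the rest are constructed.
    for det in ["W32/Tricky-Malware-based!Maximus", "Possible_Strat-2",
                "W32/Tricky-Malware-based!Hypothetical",
                "Possible_Hypothetical-1", "W32/Hypothetical.A"]:
        print(f"{det:40} notify={should_notify_sender(det, entries)} "
              f"matched={matching_entry(det, entries)}")
    print("redundant once the fragments are present:", shadowed_entries(entries))
```

Under that matching assumption, the broad `Possible_` fragment also suppresses notifications for any other detection whose name contains it, which is the trade-off to weigh before adding the second entry of each pair.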