Actually the original posting, that I posted, was referring to a virus/trojan.
Actually, it was not. You're trusting McAfee's marketing department (the same folks that send us spam every week!). Your original post was regarding an exploit that McAfee incorrect refers to as a trojan.
No matter how anyone wants to try to piddle with words the fact remains the same: any email that contains malicious content or attachments that causes or could cause a computer harm, probably contains a virus or trojan.
There are 2 different programs out there -- anti-virus programs (which are designed to detect known viruses, and perhaps have some heuristics to try to detect other viruses), and programs designed to catch any malware (viruses, spyware, trojans, programs that automatically dial into $3.99/minute adult websites, etc.). The software to detect malware may have a reason to catch URLSpoof, but an anti-virus program does not.
As I pointed out before, it is extremely unlikely that an E-mail with URLSpoof in it will contain a virus! Think about it: if it contained a virus, what would be the point of having a URL in the E-mail designed to get people to think they were going to a site other than they really are?
URLSpoof is expected to be used for phishing (making it look like you are really at PayPal's site). While that is a bad thing, it's not in AV territory any more than spam is.
All I trust is that when they say it is a virus or trojan then it is - Period - no
questions asked.
Then you need to lose a bit of trust in McAfee. I can guarantee you that URLSpoof is not a trojan, and contains no code of any kind. It's just a link, and the only danger is whatever a user may do at that link.
That said this particular one was an email that had an
attached zip file to it. Within that zip file was a trojan. That trojan
would contact a site in Russia, now closed, to download the binary payload
to complete the trojan thus allowing hackers to use your computer at will.
Ref:
http://securityresponse.symantec.com/avcenter/venc/data/downloader.mimail.b.html
That's Mimail.b, which is a virus (technically, a trojan). As a trojan, it also technically is beyond the scope of what AV software should do -- but given how widespread it is (being sent out by spammers), it does seem appropriate for AV software to catch it.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
