FYI, Kaspersky reports that they're now up to something
like 20 new variants of Bagle between Monday and Tuesday.
Andrew 8)
I can confirm that F-Prot was again missing the Bagle zips this
morning, however McAfee seems to have caught every one of them with a
generic Bagle definition unlike yesterday. As of 2 p.m., F-Prot was
still missing these Bagles.
Matt
Colbeck, Andrew wrote:
FYI, Kaspersky reports
Oops, McAfee just slipped. Since 1:09 p.m. EST on my system we
received 52 undetected zips (just over an hour). We caught these all
with a custom filter.
Matt
Colbeck, Andrew wrote:
FYI, Kaspersky reports that
they're now up to something like 20 new variants of Bagle between
] Seemingly bad
virus this morning
Oops, McAfee just slipped. Since 1:09 p.m. EST on my system
we received 52 undetected zips (just over an hour). We caught these all
with a custom filter.MattColbeck, Andrew wrote:
FYI, Kaspersky reports that they're now up to something
like
Subject:
Re: [Declude.Virus] Seemingly bad virus this morning
Nice script, but the executables don't change regularly,
and many of us are using the command line version of McAfee that requires
an unvalidated download. This also doesn't get the beta
DAT's.I use
I can confirm this and can also see that Declude virus + f-prot seems
catching it now as unknown virus
In the past 30 minutes there was several of this infected messages on our
servers.
Markus
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matt
Ah, and not to forget: whatever name this virus will have: it's a forging
worm.
Markus
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Monday, September 12, 2005 4:52 PM
To: Declude.Virus@declude.com
Subject: [Declude.Virus]
What is the payload inside the zip?
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Matt
Sent: Monday, September 12, 2005 7:52 AM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] Seemingly bad virus this morning
: [Declude.Virus] Seemingly bad virus this morning
What is the payload inside the zip?
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Matt
Sent: Monday, September 12, 2005 7:52 AM
To: Declude.Virus@declude.com
Subject
: Monday, September 12, 2005 11:49 AM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Seemingly bad virus this morning
I opened the zip file and it contained one file called 1.cpl (without
the
quotes). Some sort of malicious Control Panel applet?
- Original Message -
From
OK, so it is cpl file, which we should all have in our list
of banned extensions including banned if within a zip file,
so we should all be safe, correct?
As save as the world can be ;-)
Markus
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Dan Geiser
Sent: Monday, September 12, 2005 11:49 AM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Seemingly bad virus this morning
I opened the zip file and it contained one file called &q
/890f45b2e1cfdec9/61f1bcbcc4e71848?lnk=stq=dailydatrnum=1hl=en#61f1bcbcc4e71848
- Original Message -
From:
Matt
To: Declude.Virus@declude.com
Sent: Monday, September 12, 2005 2:26
PM
Subject: Re: [Declude.Virus] Seemingly
bad virus this morning
This is a new Bagel variant: http
Here's the Mcafee page:
http://vil.mcafeesecurity.com/vil/virus-4d.asp
- Original Message -
From:
Matt
To: Declude.Virus@declude.com
Sent: Monday, September 12, 2005 2:26
PM
Subject: Re: [Declude.Virus] Seemingly
bad virus this morning
This is a new Bagel
For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Dan Geiser
Sent: Monday, September 12, 2005 11:49 AM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Seemingly bad virus this morning
I opened
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Dan Geiser
Sent: Monday, September 12, 2005 11:49 AM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Seemingly bad virus this morning
I opened the zip file
es For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Dan Geiser
Sent: Monday, September 12, 2005 11:49 AM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Seemingly bad virus this morning
I opened th
:[EMAIL PROTECTED] On Behalf Of Scott
FisherSent: Monday, September 12, 2005 2:28 PMTo:
Declude.Virus@declude.comSubject: Re: [Declude.Virus] Seemingly bad
virus this morning
-Matt,
Does the wget -N command work for you with
Mcafee.
I also use the -N and get the full download
, September 12, 2005 2:47 PMTo:
Declude.Virus@declude.comSubject: RE: [Declude.Virus] Seemingly bad
virus this morning
Scott, in various older versions of wget, the -N
parameteras well as the --header=Accept-Encoding:gzip
parameterplain old didn't work. Pick up the current version
the full
download every time.
-
Original Message -
From:
Matt
To:
Declude.Virus@declude.com
Sent:
Monday, September 12, 2005 4:13 PM
Subject:
Re: [Declude.Virus] Seemingly bad virus this morning
Nice script, but the executables don't change
, and
things weren't perfectly synched.
I'm using 1.10-something.
Andrew 8)
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
MattSent: Monday, September 12, 2005 3:35 PMTo:
Declude.Virus@declude.comSubject: Re: [Declude.Virus] Seemingly bad
virus this morning
Scott
21 matches
Mail list logo