FYI,

This virus appears to be using multiple forms of infection. One seems to link to the IP where you are prompted to run/download the infected program and the others have infected attachments in the E-mail itself. Based on reviewing my logs and spam capture file, it appears that initially they were all mass mailed from 66.251.60.35 including the linked IP in the body that everyone was seeing. Then when I stopped seeing these in my Hold/review range about 2 hours ago, I started seeing E-mails come in with attachments that were being blocked by at least McAfee.

I'm thinking that 66.251.60.35 was being used to seed the virus using a link to the payload and now the infected computers from this seeding run are sending the actual virus out as an attachment.

Matt

Pete McNeil wrote:

New rule - 369676 under Malware.
New experimental rule on message structure: 369677

_M

On Monday, June 6, 2005, 6:13:23 PM, Dave wrote:

DM> New target ip: 205.138.199.146

DM> -----Original Message-----
DM> From: [EMAIL PROTECTED]
DM> [mailto:[EMAIL PROTECTED]] On Behalf Of Jim Matuska
DM> Sent: Monday, June 06, 2005 3:01 PM
DM> To: [email protected]
DM> Subject: Re: Re[2]: [sniffer] New Spam/Virus?

DM> Thanks Pete,
DM> What Return code will this be under?

DM> Jim Matuska Jr.
DM> Computer Tech2, CCNA
DM> Nez Perce Tribe
DM> Information Systems
DM> [EMAIL PROTECTED]

DM> ----- Original Message -----
DM> From: "Pete McNeil" <[EMAIL PROTECTED]>
DM> To: "Dave Koontz" <[email protected]>
DM> Sent: Monday, June 06, 2005 3:00 PM
DM> Subject: Re[2]: [sniffer] New Spam/Virus?

On Monday, June 6, 2005, 5:50:38 PM, Dave wrote:

DK> Same exact IP here!

We've got a couple of rules for this now -- making the rounds as new compiles go out.

_M

This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html

--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
