Re: PS: FirstClass installations an exploit target?

[Valdis Kletnieks <Valdis.Kletnieks () VT EDU>]

On Tue, 04 Apr 2006 13:37:04 EDT, James H Moore said:

> I should have mentioned that it carries an attachment
> important-details.zip which our spam/virus gateway stripped before it
> got to FirstClass.

Not a FirstClass issue at all, I suspect.  It's one of the many worm variants
that say the "Your <victim.domain> account was used to send spam", to entice
you to open the .zip (which is the malware/worm payload).

We can tell when a new variant has popped up that we don't have filters for,
because we get stuff signed 'The vt.edu admin team' that we didn't send. ;)

Attachment: _bin
Description: