funsec mailing list archives

Re: ? - I don't know where to send this one, so I'm sending it here...


From: Rob Thompson <my.security.lists () gmail com>
Date: Wed, 2 Nov 2005 11:56:53 -0800

So I ran the scan according to Jonathan Glass' recommendation.

Here are the results:

--------------------START----------------------------------

This is a report processed by VirusTotal on 11/02/2005 at 20:51:26
(CET) after scanning the file "Info_prices.zip" file.

Antivirus      Version         Update      Result
AntiVir        6.32.0.6        11.02.2005  TR/Bagle.DR
Avast          4.6.695.0       11.02.2005  Win32:Beagle-FT
AVG            718             11.01.2005  no virus found
Avira          6.32.0.6        11.02.2005  TR/Bagle.DR
BitDefender    7.2             11.02.2005  Trojan.Downloader.Bagle.H
CAT-QuickHeal  8.00            11.02.2005  Bagle.eb
ClamAV         devel-20050917  11.02.2005  no virus found
DrWeb          4.33            11.02.2005  Win32.HLLM.Beagle.38912
eTrust-Iris    7.1.194.0       11.01.2005  no virus found
eTrust-Vet     11.9.1.0        11.02.2005  no virus found
Fortinet       2.48.0.0        11.02.2005  W32/Mitglieder.GB!tr
F-Prot         3.16c           11.02.2005  security risk named W32/Mitglieder.GB
Ikarus         0.2.59.0        11.02.2005  Email-Worm.Win32.Bagle.EE
Kaspersky      4.0.2.24        11.02.2005  Email-Worm.Win32.Bagle.eb
McAfee         4618            11.02.2005  W32/Bagle.gen
NOD32v2        1.1272          11.02.2005  Win32/Bagle.DG
Norman         5.70.10         11.02.2005  W32/Malware
Panda          8.02.00         11.02.2005  Trj/Mitglieder.FL
Sophos         3.99.0          11.02.2005  Troj/BagleDl-Y
Symantec       8.0             11.02.2005  no virus found
TheHacker      5.9.1.027       11.02.2005  W32/Bagle.gen
VBA32          3.10.4          11.02.2005  Email-Worm.Win32.Bagle.eb

VirusTotal is a free service offered by Hispasec Sistemas. There are
no guarantees about the availability and continuity of this service.
Although the detection rate afforded by the use of multiple antivirus
engines is far superior to that offered by just one product, these
results DO NOT guarantee the harmlessness of a file. Currently, there
is not any solution that offers a 100% effectiveness rate for
detecting viruses and malware.

---------------------STOP-------------------------------------

My apologies for the formatting error, but at this point in time I
don't have the time to fix the formatting.  I need to get on the ball
and make sure one of my customers doesn't open that file.  Funny looking
at that list though, can any of you guess which AV vendor I'm using???
 ;p  Sad eh...

To those of you that responded, thank you VERY much, I truly
appreciate it.  That VirusTotal site is rather nifty.  I will
definitely be adding that to my bag o' trix.

Should anyone still desire a copy for their own testing, please lemme know.

Again, thank you all.

Rob.

On 11/2/05, Jonathan Glass <jonathan.glass () oit gatech edu> wrote:
http://www.virustotal.com/ should be of some use to you.  Can you send
me a copy of the attachment?

Thanks

Jonathan Glass

Rob Thompson wrote:
Howdy all...

I have a few customers of mine that are getting e-mails that are a little off...

I don't really know where to start with this.  Basically, they are
getting e-mails to themselves from themselves at a different domain.

A file is attached (I am not including it in this e-mail but will send
it to those who request it should they so desire) in a zip named
"Info_prices.zip"; within the zip is a file called "Text5546.exe".

I have Googled the file name for both the zip and executable and am
coming up with nothing.

OH - the subject line is just "FW:"; it's a forwarded message that is blank.

I went to Symantec to try to submit a copy of the virus but apparently
I have to own a copy of their AV product and we don't use it here at
work.  Also, the vendor we do use is showing nothing in the a/v scan
AND they don't have a virus submit page either.

Anyone have any advice?  I fear that this may be something new, but
don't know how to confirm it.


--
Rob

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.





--
Rob
