funsec mailing list archives
Re: ? - I don't know where to send this one, so I'm sending it here...
From: Rob Thompson <my.security.lists () gmail com>
Date: Wed, 2 Nov 2005 11:56:53 -0800
So I ran the scan according to Jonathan Glass' recommendation. Here are the results: --------------------START---------------------------------- This is a report processed by VirusTotal on 11/02/2005 at 20:51:26 (CET) after scanning the file "Info_prices.zip" file. Antivirus Version Update Result AntiVir 6.32.0.6 11.02.2005 TR/Bagle.DR Avast 4.6.695.0 11.02.2005 Win32:Beagle-FT AVG 718 11.01.2005 no virus found Avira 6.32.0.6 11.02.2005 TR/Bagle.DR BitDefender 7.2 11.02.2005 Trojan.Downloader.Bagle.H CAT-QuickHeal 8.00 11.02.2005 Bagle.eb ClamAV devel-20050917 11.02.2005 no virus found DrWeb 4.33 11.02.2005 Win32.HLLM.Beagle.38912 eTrust-Iris 7.1.194.0 11.01.2005 no virus found eTrust-Vet 11.9.1.0 11.02.2005 no virus found Fortinet 2.48.0.0 11.02.2005 W32/Mitglieder.GB!tr F-Prot 3.16c 11.02.2005 security risk named W32/Mitglieder.GB Ikarus 0.2.59.0 11.02.2005 Email-Worm.Win32.Bagle.EE Kaspersky 4.0.2.24 11.02.2005 Email-Worm.Win32.Bagle.eb McAfee 4618 11.02.2005 W32/Bagle.gen NOD32v2 1.1272 11.02.2005 Win32/Bagle.DG Norman 5.70.10 11.02.2005 W32/Malware Panda 8.02.00 11.02.2005 Trj/Mitglieder.FL Sophos 3.99.0 11.02.2005 Troj/BagleDl-Y Symantec 8.0 11.02.2005 no virus found TheHacker 5.9.1.027 11.02.2005 W32/Bagle.gen VBA32 3.10.4 11.02.2005 Email-Worm.Win32.Bagle.eb VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware. ---------------------STOP------------------------------------- My apologies for the formatting error, but at this point and time I don't have the time to fix the formatting. I need to get on the ball and make sure one of my customers don't open that file. Funny looking at that list though, can any of you guess which AV vendor I'm using??? ;p Sad eh... To those of you that responded, thank you VERY much, I truly appreciate it. That VirusTotal site is rather nifty. I will definately be adding that to my bag o' trix. Should anyone still desire a copy for their own testing, please lemme know. Again, thank you all. Rob. On 11/2/05, Jonathan Glass <jonathan.glass () oit gatech edu> wrote:
http://www.virustotal.com/ should be of some use to you. can you send me a copy of the attachment? Thanks Jonathan Glass Rob Thompson wrote:Howdy all... I have a few customers of mine that are getting e-mails that are a little off... I don't really know where to start with this. Basically, they are getting e-mails to themselves from themselves at a different domain. A file is attached (I am not including it in this e-mail but will send it to those who request it should they so desire) in a zip named "Info_prices.zip" within the zip is a file called "Text5546.exe". I have Googled the file name for both the zip and executable and am coming up with nothing. OH - the subject line is just "FW:" it's a forwarded message that is blank. I went to Symantec to try to submit a copy of the virus but apparently I have to own a copy of their AV product and we don't use it here at work. Also, the vendor we do use is showing nothing in the a/v scan AND they don't have a virus submit page either. Anyone have any advice? I fear that this may be something new, but don't know how to confirm it. -- Rob _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
-- Rob _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- ? - I don't know where to send this one, so I'm sending it here... Rob Thompson (Nov 02)
- Re: ? - I don't know where to send this one, so I'm sending it here... Jonathan Glass (Nov 02)
- Re: ? - I don't know where to send this one, so I'm sending it here... Rob Thompson (Nov 02)
- Re: ? - I don't know where to send this one, so I'm sending it here... Scott Blomquist (Nov 02)
- Re: ? - I don't know where to send this one, so I'm sending it here... Mary Landesman (Nov 02)
- Re: ? - I don't know where to send this one, so I'm sending it here... Rob Thompson (Nov 02)
- <Possible follow-ups>
- RE: ? - I don't know where to send this one, so I'm sending it here... Young, Keith (Nov 02)
- Re: ? - I don't know where to send this one, so I'm sending it here... Jonathan Glass (Nov 02)