Security Incidents mailing list archives
Re: New variant of Virus ?
From: Mike Tancsa <mike () sentex net>
Date: Wed, 28 Jan 2004 12:45:44 -0500
I got one of these as well. f-prot will pick it up in the next defs as W32/Ovnod.A@pws according to the feedback I got.
% md5 message.exe MD5 (message.exe) = 6e1aa7ec98aac34fd3a329569098f284 is the one I got. It came fromReceived: from compuserve.com ([211.239.72.207]) Tue, 27 Jan 2004 14:31:31 -0500 (EST)
---Mike At 05:13 PM 27/01/2004, Hubbard, Dan wrote:
It looks like there maybe a new variant of the virus MyDoom worm. We have seen the following: RE: I still love you fLctv Error 551: We are sorry your UTF-8 encoding is not supported by the server, so the text was automatically zipped and attached to this message. The file attached is message.zip and unzips to message.exe I am analyzing the file for behavior and will update, but has anyone else seen this yet ? The latest Nassoc DAT does not cover this. --------------------------------------------------------------------------- ----------------------------------------------------------------------------
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- New variant of Virus ? Hubbard, Dan (Jan 28)
- Re: New variant of Virus ? Gary Flynn (Jan 28)
- Re: New variant of Virus ? Nick FitzGerald (Jan 29)
- Message not available
- Re: New variant of Virus ? Mike Tancsa (Jan 28)
- Re: New variant of Virus ? Luke Gill (Jan 28)
- Re: New variant of Virus ? Mike Tancsa (Jan 28)
- Re: New variant of Virus ? Gary Flynn (Jan 28)
- RE: New variant of Virus ? Larry Seltzer (Jan 28)
- RE: New variant of Virus ? falcon (Jan 28)