Security Incidents mailing list archives

Re: New Virus / Trojan ?


From: Frank Reppin <frank.reppin () boerde de>
Date: Mon, 26 Jul 2004 21:15:03 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Vincent Jaussaud wrote:
| Hi there;
|
| We just saw a malicious program coming into our network.
|
| As usual, it uses its own SMTP engine to send itself.
|
| None of our anti-virus knows about it (NAV, ClamScan, File::Scan), and
| since it's a zip file, it isn't blocked by our mail system.
|
| The zip file contains one file, named (without quotes):
|
[britney.jpg thingie]
| If any of you already faced this one, please share any comments / ideas
| you may have.

I've seen this today too - up2date clamscan doesn't know about it yet.
But I had more luck after I manually forced another update
on our Kaspersky scanner and it's detected as:

mail:~/virii# /opt/kav/bin/kavscanner [cleared_filename].txt\ \ \ \ \ \
\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ .scr
Kaspersky Anti-Virus On-Demand Scanner for Linux. Version
5.0.4.0/RELEASE build #3, compiled Jul  5 2004, 16:07:57
Copyright (C) Kaspersky Lab, 1997-2004.
There are 94049 records loaded, the latest update 26-07-2004
Config file: /etc/kav/5.0/kav4unix.conf
~                                                 .scr INFECTED
I-Worm.Mydoom.m


| We'll try to submit this to Symantec Virus analysts.
|
| If you need further info, please let me know.
|
| Thanks in advance !
| Best Regards,
|

cheers,
frank

- --
43rd Law of Computing:
~        Anything that can go wr
fortune: Segmentation violation -- Core dumped
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFBBVg39Atrv5KxwOwRArX9AJoDAJRvkGc2eentlwxqwXv9L3AVFwCaAmlT
JsFHF4c6rwxmPq7hYqps9m4=
=zX3o
-----END PGP SIGNATURE-----
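
Added example (not part of the original thread): a mail-gateway style check that opens a zip attachment and flags member names shaped like the one in the scanner output above, where a run of spaces hides the real .scr extension. The extension list, the padding threshold and all sample names are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Extensions Windows will execute directly (assumed blocklist for this sketch).
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd"}
# A run of whitespace long enough to push the real extension out of view
# (threshold of 5 is an assumption).
PADDING = re.compile(r"\s{5,}")

def suspicious_members(zip_bytes):
    """Return (name, reason) for archive members that look disguised."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            name = info.filename
            base = name.rsplit("/", 1)[-1]
            dot = base.rfind(".")
            ext = base[dot:].lower() if dot != -1 else ""
            if ext not in EXECUTABLE_EXTS:
                continue
            stem = base[:dot]
            if PADDING.search(stem):
                findings.append((name, "whitespace padding before " + ext))
            elif "." in stem.strip():
                findings.append((name, "double extension ending in " + ext))
            else:
                findings.append((name, "executable extension " + ext))
    return findings

def build_sample(member_name):
    """Build a constructed, harmless zip in memory for testing."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member_name, b"placeholder, not a real sample")
    return buf.getvalue()

# Constructed names; the first mirrors the padded shape in the scanner output.
PADDED = "document.txt" + " " * 80 + ".scr"
SAMPLES = [PADDED, "photo.jpg.exe", "notes.txt"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample[:20]), suspicious_members(build_sample(sample)))
```

The check looks only at member names, so it works on days when no scanner has a signature for the payload yet.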

