Security Incidents mailing list archives

Re: New Virus?


From: Eduardo Vela <sirdarckcat () gmail com>
Date: Mon, 15 Aug 2005 22:29:05 -0500

Hello,
Well, in my case I got the same answer:
<SAMPLE WEB PAGE>
403 Forbidden

We're sorry...
... but we can't process your request right now. A computer virus or spyware
application is sending us automated requests, and it appears that your
computer or network has been infected.

We'll restore your access as quickly as possible, so try again soon. In the
meantime, you might want to run a virus checker or spyware remover to make
sure that your computer is free of viruses and other spurious software.

We apologize for the inconvenience, and hope we'll see you again on Google.
</SAMPLE WEB PAGE>

but it only shows up when I change the page to 2, or 3, etc.
It appears that it disappeared some days later, but I would like to
know what caused that.

On 8/15/05, Alex Arndt <aarndt () rogers com> wrote:
Good day,

I just received an e-mail (subject: test) with a ZIP archive attachment that
claims to be from "MAILER-DAEMON () rogers com", but it is in reality from IP
66.31.78.168 (c-66-31-78-168.hsd1.nh.comcast.net).

The ZIP attachment, when opened, contains an .EXE file that is attempting to look
like a .DOC file by using a number of spaces in its name. The filename in the e-mail I
received is "aarndt () rogers com doc
.exe"

This is likely a Trojan or other backdoor program. The interesting thing is
that my AV software (which is the free CA anti-virus provided by Rogers
Yahoo) is not picking it up, nor is the Symantec-based AV scanning that
Rogers uses on inbound e-mail.

I will be forwarding the e-mail to AV vendors as a sample. Just figured I'd
give everyone a heads-up just in case...

FYI, a quick Google search of the .EXE filename came up with nothing. In
fact, I got this error message when I tried to search for "rogers.com.doc
.exe":

<SAMPLE WEB PAGE>
403 Forbidden

We're sorry...
... but we can't process your request right now. A computer virus or spyware
application is sending us automated requests, and it appears that your
computer or network has been infected.

We'll restore your access as quickly as possible, so try again soon. In the
meantime, you might want to run a virus checker or spyware remover to make
sure that your computer is free of viruses and other spurious software.

We apologize for the inconvenience, and hope we'll see you again on Google.
</SAMPLE WEB PAGE>

I hope this information proves useful,

Alex Arndt
CISSP, GCIA, GCIH

"Within all order is the potential for chaos..."





-- 
-------------------------------------------------------------
Sirdarckcat () gmail com


_--;;;.Signature, automatically added.;;;--_

!!!ATTENTION¡¡¡
+Whoever wants an invitation, tell me, I have many
_Don't ask me anything about the RedCode thing, because the mails will be
automatically deleted anyway.
¨¨The Ebay code is now available in the search engine of crackportal,
phazeddl, ilegaldownloads, thebugs-ws, astalavista (hktm),
selfdomain.??, etc.
::COMING SOON: USE THE ECHELON E0XX SATELLITES TO SEE ANY PLACE IN THE
WORLD FROM SPACE
}}Ask me for the new universal anti-advertising code, I've finished it.


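The disguised-attachment pattern Alex describes (an .EXE whose name carries a decoy .DOC extension followed by a run of spaces so the real extension scrolls out of view) is easy to check for mechanically. The following is an added example, not code from either poster: a Python script that inspects each ZIP member name for a real executable extension, whitespace padding in front of it, and a decoy document extension, and also reads the first two bytes of each member so a renamed executable is still caught by its DOS/PE "MZ" header. The extension lists, the sample archive it builds, and the member name `recipient@example.com.doc   ...   .exe` are constructed assumptions, not the attachment from the thread.

```python
import io
import re
import zipfile

# Extensions Windows executes on double-click (assumption: a starting list,
# not exhaustive) and extensions users read as harmless documents.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
DOCUMENT_EXTENSIONS = {".doc", ".pdf", ".txt", ".xls", ".rtf", ".jpg"}

# Constructed sample member name mimicking the pattern in the thread: a decoy
# ".doc" extension, a long run of spaces, then the real ".exe" extension.
SAMPLE_NAME = "recipient@example.com.doc" + " " * 40 + ".exe"


def inspect_member_name(name):
    """Return reasons a ZIP member name looks like a disguised executable.

    An empty list means the name raised no flag.
    """
    reasons = []
    lower = name.rsplit("/", 1)[-1].lower()          # ignore any directory part
    m = re.search(r"(\.[a-z0-9]+)\s*$", lower)        # the extension that actually counts
    if not m:
        return reasons
    real_ext = m.group(1)
    if real_ext not in EXECUTABLE_EXTENSIONS:
        return reasons
    reasons.append("executable extension %s" % real_ext)

    # Spaces between the decoy name and the real extension push ".exe" out of
    # view in a mail client's attachment list.
    stem = lower[: m.start()]
    padding = len(stem) - len(stem.rstrip())
    if padding:
        reasons.append("%d whitespace characters before %s" % (padding, real_ext))

    decoy = re.search(r"(\.[a-z0-9]+)$", stem.rstrip())
    if decoy and decoy.group(1) in DOCUMENT_EXTENSIONS:
        reasons.append("decoy document extension %s before %s" % (decoy.group(1), real_ext))
    return reasons


def scan_zip(data):
    """Map each file member of a ZIP (given as bytes) to its list of findings.

    Besides the name checks, the first two bytes of each member are read so a
    renamed executable is still caught by its DOS/PE 'MZ' header.
    """
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = inspect_member_name(info.filename)
            with zf.open(info) as member:
                if member.read(2) == b"MZ":
                    reasons.append("content starts with MZ (DOS/PE executable header)")
            findings[info.filename] = reasons
    return findings


def build_sample_zip():
    """Build a constructed test archive: the disguised executable beside a
    benign text file. This is not the attachment from the thread."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(SAMPLE_NAME, b"MZ" + b"\0" * 62)   # fake DOS header only
        zf.writestr("notes.txt", b"just a note")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reasons in scan_zip(build_sample_zip()).items():
        verdict = "SUSPICIOUS" if reasons else "ok"
        print("%-12s %r" % (verdict, member))
        for r in reasons:
            print("             - " + r)
```

Run it on a real attachment with `scan_zip(open(path, "rb").read())`. The name checks are cheap and catch exactly this lure; the MZ check is what still fires once the attacker stops bothering with the decoy extension. Note that `.com` in the executable list will also flag a member named after a domain, so treat the name findings as reasons to look closer rather than as a verdict.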