
Re: Another round of viruses - encrypted this time



I'm seeing the same behavior.  After updating our Sybari virus scanner
for exchange, we're catching it on the server, but Norton is still
missing it on the desktops.


On Wed, Mar 03, 2004 at 12:06:54PM -0600, Todd Davis wrote:
> Unfortunately, since the virus scanner doesn't "know" the password, it
> can't open the zip and ends up letting the attachment through.  
> 
> We had one come in here that said it was from our email gateway.  It
> stated that there were changes in place and the user needed to follow
> the attached directions.  Another user received one that appeared to
> come from Yahoo support on her Yahoo account that stated that her
> account was being used as a spam relay.
> 
> In both cases I manually scanned the zip file which did not show any
> infections.  However, after unzipping the archive and scanning the
> enclosed executable the virus was reported.
> 
> On Wed, 2004-03-03 at 11:52, Gary wrote:
> > Hi Mike808,
> > 
> > On Wed, 3 Mar 2004 19:05:57 GMT UTC (3/3/2004, 1:05 PM -0600 UTC my time),
> > mike808@users.sourceforge.net wrote:
> > 
> > m> I heard about another spate of new viruses, several of which are hiding
> > m> themselves inside encrypted zip files.
> > 
> > interesting. Many virus scanners will open zip files and other attachments
> > and run the scanners over these as well before allowing them in the system.
> > Will be interesting to see if these are picked up.
> > 
> > m> Since in order to generate a new "signature", all they need to do is change the
> > m> password, this will be quite difficult to deal with if your policy requires you
> > m> to "let in" attachments.
> > 
> > m> For those that haven't seen them, they come through in a message like this:
> > 
> > >> Subject: Notify about your e-mail account utilization.
> > 
> > As long as the subject remains relatively the same, one could key/grep on
> > part of it to quarantine.
> > 
> > 
> > --
> > Gary
> > 
> > TEAMWORK...means never having to take all the blame yourself.
> > 
> > 
> > -
> > To unsubscribe, send email to majordomo@luci.org with
> > "unsubscribe luci-discuss" in the body.
> -- 
> Todd Davis (tdavis@msfw.com)
> Red Hat Certified Engineer (RHCE #807101281603181)
> 
> 

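
Added example, not part of the original thread: a gateway-side check for the problem described above, where the scanner cannot open a password-protected zip. It reads the ZIP encryption flag and the member names, which traditional ZIP encryption leaves in the clear, so no password is needed. The function names, the verdict strings, the extension list and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")  # assumed policy list

def zip_verdict(data: bytes) -> str:
    """Classify one ZIP attachment without needing its password."""
    try:
        members = zipfile.ZipFile(io.BytesIO(data)).infolist()
    except zipfile.BadZipFile:
        return "quarantine"  # cannot be parsed, so cannot be scanned
    # Bit 0 of the general-purpose flags marks an encrypted member.
    locked = [m for m in members if m.flag_bits & 0x1]
    if not locked:
        return "scan"  # the content scanner can open it normally
    # Traditional ZIP encryption leaves member names readable.
    if any(m.filename.lower().endswith(RISKY_EXT) for m in locked):
        return "quarantine"
    return "hold"  # unscannable, but no executable name: manual review

def triage(raw: bytes) -> dict:
    """Map each .zip attachment of a raw RFC 5322 message to a verdict."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {p.get_filename(): zip_verdict(p.get_content())
            for p in msg.iter_attachments()
            if (p.get_filename() or "").lower().endswith(".zip")}

def sample_message(member: str, encrypted: bool) -> bytes:
    """Constructed test input: a one-member ZIP mailed as an attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed placeholder bytes")
    blob = bytearray(buf.getvalue())
    if encrypted:
        # zipfile cannot write encrypted ZIPs: set flag bit 0 by hand instead
        blob[6] |= 0x1                              # local file header flags
        blob[blob.rfind(b"PK\x01\x02") + 8] |= 0x1  # central directory flags
    msg = EmailMessage()
    msg["Subject"] = "Notify about your e-mail account utilization."
    msg["From"], msg["To"] = "sender@example.invalid", "user@example.invalid"
    msg.set_content("constructed body")
    msg.add_attachment(bytes(blob), maintype="application", subtype="zip",
                       filename="message.zip")
    return bytes(msg)

if __name__ == "__main__":
    for name, enc in (("details.exe", True), ("readme.txt", False)):
        print(name, triage(sample_message(name, enc)))
```

Unlike a match on the subject line or on the archive's bytes, this verdict does not change when the sender changes the password or the message text.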