Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: [ok] Possible Virus/Trojan
From: "Todd Towles" <toddtowles () brookshires com>
Date: Tue, 27 Jul 2004 11:27:33 -0500

We have a corporate anti-virus system (AV company based out of Europe) that
I have access too and it is update to date. We normally see viruses before
IDEs are out and are used to handling them in that manner. Most of the time
we hold these unknown files until they are detectable. This file was sent to
the AV vendor before I got my copy and I am the only person in the company
that got this e-mail.

I was the only person to receive this e-mail. To put this in content - we
received about hundred MyDoom-O viruses yesterday.

My job function doesn't allow me the time to look into the code and what it
does as much as I would like. I haven't tried another AV product, but I do
understand that multiple scanners if the best way for detection.


-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Duncan Hill
Sent: Tuesday, July 27, 2004 10:17 AM
To: full-disclosure () lists netsys com
Subject: Re: [ok] [Full-disclosure] Possible Virus/Trojan

On Tuesday 27 July 2004 14:28, Todd Towles might have typed:
Hey guys,

I was able to finally get the file out of Outlook via add-on. The add-on
moves file types from Level 1 to Level 2. Anyways, it wasn't detected as a
virus and it is only 35 KBs in size. Kinda small.

35K is large enough to contain a virus that propagates via an internal SMTP 
engine and do other fun things like search google etc.

How up to date is your virus scanner?  Have you tried more than one virus 

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]