mailing list archives
Re: Undetectable Virus from CANADA ISP 22.214.171.124
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sat, 23 Oct 2004 23:40:11 +1300
Andrew Smith to Farrukh Hussain:
Today I got e-mail from "126.96.36.199" CANADA ISP which has undetectable
This just means that you or your A/V hasn't updated their virus
definitions. Try multiple A/V programs, this will cover a wider range
_OR_ it means Farrukh was depending on an unreliable or outdated virus
Scanned with 21 different scanners a few hours after the message was
posted and 20 of them detected it. This was not due to some recent (as
in the preceding few hours) rush of updates -- most web descriptions
agree that the virus they detected was first seen very late in July,
with a second variant a few days later, early in August.
That result _includes_ the same scanner (by name) that Hotmail
reputedly uses, but then, Hotmail failing to reliably keep its scanner
up to date, and/or the supplier of said scanner failing to provide
reliable updates to Hotmail are not exactly news, and it has been long
suspected that Hotmail's virus scanning is designed to "fail open"
(i.e. pass on Email that has not been scanned but report it as if it
has been scanned and found "not infected").
In short, this virus has been widely detected since late July/early
August by almost all "Western" virus detection engines, so the OP's
report and concerns would seem more than a tad misdirected...
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
Full-Disclosure - We believe in it.