nanog mailing list archives

RE: interesting new virus, maybe???


From: Hank Nussbacher <hank () att net il>
Date: Sat, 10 Jan 2004 18:51:48 +0200


At 11:16 AM 09-01-04 -0800, Brennan_Murphy () NAI com wrote:

Send it in to AVERT. It's free analysis and will give you
recommendations for how to deal with it:

https://www.webimmune.net/default.asp

...does require registration but again, it's free.

or email it in per instructions here:

http://vil.nai.com/vil/submit-sample.asp

other vendors may have similar mechanisms.

If you get a new virus here are some addresses:

Command Software             <virus () commandcom com>
Computer Associates (US)     <virus () ca com>
Computer Associates (Vet/EZ) <ipevirus () vet com au>
DialogueScience (Dr. Web)    <Antivir () dials ru>
Eset (NOD32)                 <sample () nod32 com>
F-Secure Corp.               <samples () f-secure com>
Frisk Software (F-PROT)      <viruslab () f-prot com>
Grisoft (AVG)                <virus () grisoft cz>
H+BEDV (AntiVir):            <virus () antivir de>
Kaspersky Labs               <newvirus () kaspersky com>
Network Associates (McAfee)  <virus_research () avertlabs com>
Norman (NVC)                 <analysis () norman no>
Sophos Plc.                  <support () sophos com>
Symantec (Norton)            <avsubmit () symantec com>
Trend Micro (PC-cillin)      <virus_doctor () trendmicro com>

-Hank



-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of
Scott Granados
Sent: Friday, January 09, 2004 12:43 PM
To: nanog () merit edu
Subject: interesting new virus, maybe???



I'm not sure if anyone has seen this or if it's just too early but.

While opening mail, <not with a microsoft outlook product> I found
something which looked different.  The message was from pgp-public-key
and said "Here is my key".  When you look at the attachment it's called
youremail.doc.com obviously something meant to be executed.  What struck
me as different from the top was it wasn't from a support@microsoft or
some such address it specifically mentioned pgp_public_key.  Also, I
obviously didn't try to run the code or do anything with it, it is 76 K
in size and again called youremail.doc.com.

I haven't tried a virus scanner against it yet but will later.

Thanks

Scott

