doc.zip


Bruno De Witte

Good afternoon,
We received several emails from unknown senders with following attachment :
doc.zip which we of course deleted right away.
I suppose it is a new virus, however it was not detected by Norton.

Any idea?

Thanks and regards,
Bruno
 
Bruno De Witte said:
Good afternoon,
We received several emails from unknown senders with following attachment :
doc.zip which we of course deleted right away.
I suppose it is a new virus, however it was not detected by Norton.

Any idea?

No. Norton only reacts once you try to open the attachment. Is Norton
up to date?
 
Good afternoon,
We received several emails from unknown senders with following attachment :
doc.zip which we of course deleted right away.
I suppose it is a new virus, however it was not detected by Norton.

Any idea?

A recent worm that sends actual ZIP files is called Mydoom. Is NAV up
to date? If so, send a sample to them for analysis. It may be a new
variant or even something new. You can also use antivirus scanner
file upload sites to get "second opinions" and see what other av
scanners come up with. Here are some sites:

http://www.claymania.com/anti-virus.html

Also, did you verify that the actual file extension is zip and not
something like:

..ZIP .EXE

with "hidden" spaces after the .ZIP


Art
http://www.epix.net/~artnpeg
 
On that special day, Bruno De Witte, ([email protected])
said...
Good afternoon,
We received several emails from unknown senders with following attachment :
doc.zip which we of course deleted right away.
I suppose it is a new virus, however it was not detected by Norton.

Any idea?

http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
?

But they didn't tell which methods are used to create the filenames of
the infectious attachments. "Mine" was a "rlp.exe".

BTW: The mail as seen in plain text shows a header that first defines
the content-type as
Content-Type: application/x-msdownload; name="dgmgtgafo.exe"
and then another line gives the definition
Content-Disposition: attachment; filename="rlp.exe"

Are inconsistent filenames typical for x-msdownload contents?


Gabriele Neukam

(e-mail address removed)
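
The two header observations in the posts above (a padded double extension such as `.ZIP .EXE`, and a Content-Type `name` that disagrees with the Content-Disposition `filename`) can be checked mechanically on received mail. This is an added example, not part of the original thread; `audit_attachments`, the finding labels, the extension list and the sample message are constructed for illustration.

```python
import email
import re
from email.utils import collapse_rfc2231_value

EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}  # illustrative subset (assumption)
# ".zip<spaces>.exe": a decoy extension padded so the real one is pushed out of view.
PADDED_DOUBLE_EXT = re.compile(r"\.\w{1,4}\s+\.\w{1,4}\s*$")
# Constructed sample; part 1 reuses the two header lines quoted in the post above.
SAMPLE = b"""\
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/x-msdownload; name="dgmgtgafo.exe"
Content-Disposition: attachment; filename="rlp.exe"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="doc.zip          .exe"

--b1
Content-Type: application/zip; name="doc.zip"
Content-Disposition: attachment; filename="doc.zip"

--b1--
"""

def _param(part, key, header):
    value = part.get_param(key, header=header)
    return None if value is None else collapse_rfc2231_value(value)

def audit_attachments(raw):
    """Return {displayed filename: [findings]} for each named MIME part."""
    report = {}
    for part in email.message_from_bytes(raw).walk():
        ct_name = _param(part, "name", "content-type")
        cd_name = _param(part, "filename", "content-disposition")
        shown = cd_name or ct_name  # same precedence as Message.get_filename()
        if part.is_multipart() or not shown:
            continue
        findings = []
        if ct_name and cd_name and ct_name != cd_name:
            findings.append("name-mismatch")
        ext = "." + shown.rsplit(".", 1)[-1].strip().lower() if "." in shown else ""
        if ext in EXECUTABLE_EXTS:
            findings.append("executable-extension")
        if PADDED_DOUBLE_EXT.search(shown):
            findings.append("padded-double-extension")
        report[shown] = findings
    return report
```

Calling `audit_attachments(SAMPLE)` flags the first two parts and returns an empty finding list for the plain `doc.zip` part.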
 
On that special day, Gabriele Neukam, (Gabriele.Spamfighter.Neukam@t-
online.de) said...
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
?

But they didn't tell which methods are used to create the filenames of
the infectious attachments. "Mine" was a "rlp.exe".

Wait, perhaps I must correct myself. There is already another worm
active, which had been impacting the Heise mail box with a hundred or so
specimens.

That one does sometimes hide its files in a zip archive, probably
relying on the fact that the inbuilt unzipper of Windows ME and XP will
open them, when double clicking the attachment.


Gabriele Neukam

(e-mail address removed)
 
Bruno De Witte wrote on 18/02/2004 16:30:
Good afternoon,
We received several emails from unknown senders with following attachment :
doc.zip which we of course deleted right away.
I suppose it is a new virus, however it was not detected by Norton.

Any idea?

Thanks and regards,
Bruno
Could you send me a copy of such attachment or mail before you delete it?
So I would be able to analyze it and send you a report and insert it to
my collection :)
thanks
John
 
John said:
Bruno De Witte wrote on 18/02/2004 16:30:

Could you send me a copy of such attachment or mail before you delete it?
So I would be able to analyze it and send you a report and insert it to
my collection :)

and people should trust your motives because . . .?
 
Bruno De Witte said:
We received several emails from unknown senders with following attachment :
doc.zip which we of course deleted right away.
I suppose it is a new virus, however it was not detected by Norton.

I have received a .zip-file, too, but... it's a pity, only 0 (zero)
Bytes, although an attachment :-)

Seems any dumb virus scanner has deleted it on the way to me, would be
better if all those dumb virus scanners would delete the complete mail, too,
_and_ give information to the "sender" (if own customer) and its own
admin. No one needs infected emails other than the "real" sender or the
mail admin so he can stop getting mails from unsecure sources using
"his" mail-servers.

I am not able to look into the attachment and try to check which worm it
could have been inside, what a pain...

Greetings from
Jürgen
 
Juergen Kuehne said:
I have received a .zip-file, too, but... it's a pity, only 0 (zero)
Bytes, although an attachment :-)

Seems any dumb virus scanner has deleted it on the way to me, would be
better if all those dumb virus scanners would delete the complete mail, too,
_and_ give information to the "sender" (if own customer) and its own
admin. No one needs infected emails other than the "real" sender or the
mail admin so he can stop getting mails from unsecure sources using
"his" mail-servers.

I am not able to look into the attachment and try to check which worm it
could have been inside, what a pain...

No! Netsky has a flaw which makes it send these 0 byte parts, but it is still
the real thing.
 