Virus in .zip files?

  • Thread starter Thread starter PropertyGuy
  • Start date Start date
P

PropertyGuy

obviously i am getting virus emails as in the past hour i have rec'd two
emails with attachment "message.zip" and one with the attachment "doc.zip"
ran AVG and PC-Cillin Online on both and came up clean. The attachments were
deleted anyhow, as well as the emails.
any info out there?
j5
 
PropertyGuy said:
obviously i am getting virus emails as in the past hour i have rec'd two
emails with attachment "message.zip" and one with the attachment "doc.zip"
ran AVG and PC-Cillin Online on both and came up clean. The attachments were
deleted anyhow, as well as the emails.
any info out there?
Click to expand...

Yes:
W32/Mydoom, alias Novarg, alias Mimail.R:
http://vil.nai.com/vil/content/v_100983.htm
http://www.f-secure.com/v-descs/novarg.shtml
http://www.sarc.com/avcenter/venc/data/[email protected]
http://www.sophos.com/virusinfo/analyses/w32mydooma.html
http://www.norman.com/virus_info/w32_mydoom_a_mm.shtml
http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_MIMAIL.R

NAI calls it a "High Outbreak", F-Secure puts it to Radar Level 1
(Level 1 is highest), Symantec puts it to Level 4 (Level 4 is
highest), and so on.

We'll all be "happy" to filter or defeat Swen, Sober.C, Blaster,
Dumaru.Y, many Mimail variants and now Mydoom. ;-/

Why can't the VX wait until one worm is over, before releasing the
next beast? I hate them. Really.

Gabriela
 
Yes:
W32/Mydoom, alias Novarg, alias Mimail.R:
http://vil.nai.com/vil/content/v_100983.htm
http://www.f-secure.com/v-descs/novarg.shtml
http://www.sarc.com/avcenter/venc/data/[email protected]
http://www.sophos.com/virusinfo/analyses/w32mydooma.html
http://www.norman.com/virus_info/w32_mydoom_a_mm.shtml
http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_MIMAIL.R

NAI calls it a "High Outbreak", F-Secure puts it to Radar Level 1
(Level 1 is highest), Symantec puts it to Level 4 (Level 4 is
highest), and so on.
Click to expand...

After not seeing anything at all in a long time, there were four
infested .ZIP files in my email this morning:

asoliq.pif
bxjojrx.txt .scr
document.scr
text.doc .scr

which F-Prot for DOS alerts on as W32/Mydoom.A@MM
and KAVDOS32 alerts on as I-worm.Novarg

Note the very old trick of separating the actual .SCR file extension
by a number of spaces away from the file name in two cases. And the
mixture of random names with benign-looking names such as text and
document.

All four of these samples smell so badly of malware you can just spot
them your email server and delete them from there without bothering to
scan them.


Art
http://www.epix.net/~artnpeg
 
After not seeing anything at all in a long time, there were four
infested .ZIP files in my email this morning:

asoliq.pif
bxjojrx.txt .scr
document.scr
text.doc .scr

which F-Prot for DOS alerts on as W32/Mydoom.A@MM
and KAVDOS32 alerts on as I-worm.Novarg

Note the very old trick of separating the actual .SCR file extension
by a number of spaces away from the file name in two cases. And the
mixture of random names with benign-looking names such as text and
document.

All four of these samples smell so badly of malware you can just spot
them your email server and delete them from there without bothering to
scan them.
Click to expand...
My MWP must be flagging those, and I've just routinely deleted them from
the server. I'll have to try and kick a few out of the delete queue long
enough to snag a couple.
 
A nit...
Click to expand...
Actually, 4 is "Sever" and 5 "Vey Severe" according to Symantec's own
description of its rating scheme:
http://securityresponse.symantec.com/avcenter/threat.severity.html#category

That said, from memory they have never used 5, so at least to date 4
is the highest severity rating they've ever used.
Click to expand...

Hi, Nick,

Thanks for this input. I didn't realize that they indeed have 5
severity levels instead of 4. I've never seen level 5 either, yet.

I won't even try to imagine how a malware may look like, if it reaches
the "level 5" mark. That would be the day to switch off the computers
and start gardening.

Gabriela
 
Hi, Nick,

Thanks for this input. I didn't realize that they indeed have 5
severity levels instead of 4. I've never seen level 5 either, yet.

I won't even try to imagine how a malware may look like, if it reaches
the "level 5" mark. That would be the day to switch off the computers
and start gardening.

Gabriela
Click to expand...


Wouldn't that be the same as the government issuing a RED terrorist
alert?

I guess that's when you switch off life and start gardening on clouds.
 
Back
Top