#1
I received a suspect mail and sent it off to the virus scan site.
((E-Mail Removed) : Subject SCAN. This is what they sent back)

The interesting thing is not that there was a virus there: I was almost sure there was..but how many sites *didn't* find it..

Complete scanning result of "WW_671282.zip", processed in VirusTotal at 08/12/2008 14:39:39 (CET).

[ file data ]
* name..: WW_671282.zip
* size..: 49434
* md5...: aefa2457dce9214b1349403bba664d12
* sha1..: c4aa3c90299e783113bb5c97d830f15a618bb226
* peid..: -

[ scan result ]
AhnLab-V3 2008.8.12.0/20080812 found nothing
AntiVir 7.8.1.19/20080812 found [TR/Spy.ZBot.DPI]
Authentium 5.1.0.4/20080812 found [W32/Downldr2.DIFW]
Avast 4.8.1195.0/20080811 found nothing
AVG 8.0.0.156/20080812 found [Pakes_c.SH]
BitDefender 7.2/20080812 found [Trojan.Spy.Wsnpoem.GH]
CAT-QuickHeal 9.50/20080811 found nothing
ClamAV 0.93.1/20080812 found [Trojan.Zbot-1936]
DrWeb 4.44.0.09170/20080812 found nothing
eSafe 7.0.17.0/20080811 found nothing
eTrust-Vet 31.6.6027/20080812 found [Win32/Kollah.NG]
Ewido 4.0/20080812 found nothing
F-Prot 4.4.4.56/20080812 found [W32/Downldr2.DIFW]
F-Secure 7.60.13501.0/20080812 found [Trojan-Spy.Win32.Zbot.dvy]
Fortinet 3.14.0.0/20080812 found nothing
GData 2.0.7306.1023/20080812 found [Trojan-Spy.Win32.Zbot.dvy]
Ikarus T3.1.1.34.0/20080812 found [Win32.Outbreak]
K7AntiVirus 7.10.412/20080812 found nothing
Kaspersky 7.0.0.125/20080812 found [Trojan-Spy.Win32.Zbot.dvy]
McAfee 5358/20080811 found nothing
Microsoft 1.3807/20080812 found [PWS:Win32/Zbot.gen!G]
NOD32v2 3348/20080812 found [Win32/Spy.Agent.PZ]
Norman 5.80.02/20080812 found nothing
Panda 9.0.0.4/20080812 found nothing
PCTools 4.4.2.0/20080812 found nothing
Prevx1 V2/20080812 found nothing
Rising 20.57.12.00/20080812 found nothing
Sophos 4.32.0/20080812 found [Troj/Dloadr-BPX]
Sunbelt 3.1.1542.1/20080812 found [Trojan-Spy.Win32.Zbot.gen (v)]
Symantec 10/20080812 found [Trojan.Wsnpoem]
TheHacker 6.2.96.396/20080812 found nothing
TrendMicro 8.700.0.1004/20080812 found [TROJ_DLOADR.IM]
VBA32 3.12.8.3/20080811 found nothing
ViRobot 2008.8.12.1333/20080812 found nothing
VirusBuster 4.5.11.0/20080811 found nothing
Webwasher-Gateway 6.6.2/20080812 found [Win32.NewMalware.PU!59392]

The Natural Philosopher
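
Added example (not part of any post in this thread): a small Python parser for the report format quoted in post #1, tallying detections, misses per definition date, and which engines use a Zbot label. The function names are this example's own, and the input is a 10-engine excerpt of that report rather than the full list.

```python
import re
from collections import Counter

# Excerpt of the report lines quoted in post #1 (10 of the engines).
REPORT_EXCERPT = """\
AntiVir 7.8.1.19/20080812 found [TR/Spy.ZBot.DPI]
Avast 4.8.1195.0/20080811 found nothing
AVG 8.0.0.156/20080812 found [Pakes_c.SH]
ClamAV 0.93.1/20080812 found [Trojan.Zbot-1936]
F-Prot 4.4.4.56/20080812 found [W32/Downldr2.DIFW]
Kaspersky 7.0.0.125/20080812 found [Trojan-Spy.Win32.Zbot.dvy]
McAfee 5358/20080811 found nothing
Panda 9.0.0.4/20080812 found nothing
Sunbelt 3.1.1542.1/20080812 found [Trojan-Spy.Win32.Zbot.gen (v)]
Symantec 10/20080812 found [Trojan.Wsnpoem]
"""

# engine, engine version, definition date (YYYYMMDD), then "nothing" or "[label]"
LINE_RE = re.compile(
    r"^(?P<engine>\S+)\s+(?P<version>\S+)/(?P<defs>\d{8})\s+found\s+"
    r"(?:nothing|\[(?P<label>.+)\])\s*$"
)

def parse_report(text):
    """Return one dict per engine line; malformed lines raise ValueError."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line.strip())
        if m is None:
            raise ValueError(f"unrecognised report line: {line!r}")
        rows.append(m.groupdict())
    return rows

def summarize(rows):
    """Detection count, misses grouped by definition date, and Zbot-labelling engines."""
    hits = [r for r in rows if r["label"] is not None]
    misses = Counter(r["defs"] for r in rows if r["label"] is None)
    zbot = sorted(r["engine"] for r in hits if "zbot" in r["label"].lower())
    return {"engines": len(rows), "detected": len(hits),
            "misses_by_defs": dict(misses), "zbot_named_by": zbot}

if __name__ == "__main__":
    print(summarize(parse_report(REPORT_EXCERPT)))
```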
#2
The Natural Philosopher wrote:
> I received a suspect mail and sent it off to the virus scan site.
> ((E-Mail Removed) : Subject SCAN. This is what they sent back)
>
> The interesting thing is not that there was a virus there: I was
> almost sure there was..but how many sites *didn't* find it..

Not that surprising really. If it's a new one, I imagine it'll take a few days before all the companies become aware of it and update their virus definition files. Probably if you resubmitted it tomorrow, there would be a far higher detection rate.

At the end of the day, common sense is your first line of defence against viruses. You'd have to be a real dweeb to imagine that a file with a name like "WW_671282.zip" attached to an email *wasn't* a virus.

Tim
#3
Tim Downie wrote:
> The Natural Philosopher wrote:
>> I received a suspect mail and sent it off to the virus scan site.
>> ((E-Mail Removed) : Subject SCAN. This is what they sent back)
>>
>> The interesting thing is not that there was a virus there: I was
>> almost sure there was..but how many sites *didn't* find it..
>
> Not that surprising really. If it's a new one, I imagine it'll take a few
> days before all the companies become aware of it and update their virus
> definition files. Probably if you resubmitted it tomorrow, there would be a
> far higher detection rate.
>
> At the end of the day, common sense is your first line of defence against
> viruses. You'd have to be a real dweeb to imagine that a file with a name
> like "WW_671282.zip" attached to an email *wasn't* a virus.
>
> Tim

Trouble is the dweebs live amongst us, I am working with 300+ programmers and professionals for a major credit card company and last week alone we have had 6 different viruses caused by them opening dodgy emails or surfing weird sites during lunch breaks

-- 
Kevin R
Reply address works
#4
"Kevin" <(E-Mail Removed)> wrote in message
news:eYgok.152193$(E-Mail Removed)2...
>
> Trouble is the dweebs live amongst us, I am working with 300+
> programmers and professionals for a major credit card company and last
> week alone we have had 6 different viruses caused by them opening dodgy
> emails

I just don't see them. I don't know what virus filtering services my ISP (34sp) uses but pretty well nothing at all ever gets through.

Look, hardly any email users actually *want* to receive these viruses, surely to goodness, so why doesn't *every* ISP just silently dump them by default?

-- 
Tim Ward
Brett Ward Limited - www.brettward.co.uk
#5
On Tue, 12 Aug 2008 13:50:11 +0100, The Natural Philosopher <(E-Mail Removed)>
wrote:

>I received a suspect mail and sent it off to the virus scan site.
>((E-Mail Removed) : Subject SCAN. This is what they sent back)

I'm surprised it reached there at all...LOL

>The interesting thing is not that there was a virus there: I was almost
>sure there was..but how many sites *didn't* find it..
#6
Tim Downie wrote:
> The Natural Philosopher wrote:
>> I received a suspect mail and sent it off to the virus scan site.
>> ((E-Mail Removed) : Subject SCAN. This is what they sent back)
>>
>> The interesting thing is not that there was a virus there: I was
>> almost sure there was..but how many sites *didn't* find it..
>
> Not that surprising really. If it's a new one, I imagine it'll take a few
> days before all the companies become aware of it and update their virus
> definition files. Probably if you resubmitted it tomorrow, there would be a
> far higher detection rate.
>
> At the end of the day, common sense is your first line of defence against
> viruses. You'd have to be a real dweeb to imagine that a file with a name
> like "WW_671282.zip" attached to an email *wasn't* a virus.
>

Oh, I totally agree.

But this is not a particularly new one I think.

> Tim
#7
The Natural Philosopher wrote:
>
>But this is not a particularly new one I think.

Oh the payload attached to the UPS emails has been changing pretty rapidly, far faster than some AV vendors update their virus definitions. Once a day doesn't really cut it any more.

The advice not to follow links or open attachments unless you've confirmed in some way that they are genuine is much more useful. Especially as the scam ones like this are getting more convincing.

-- 
(E-Mail Removed) http://lnr.livejournal.com/
#8
Tim Ward wrote:
> "Kevin" <(E-Mail Removed)> wrote in message
> news:eYgok.152193$(E-Mail Removed)2...
>
>> Trouble is the dweebs live amongst us, I am working with 300+
>> programmers and professionals for a major credit card company and last
>> week alone we have had 6 different viruses caused by them opening dodgy
>> emails
>
> I just don't see them. I don't know what virus filtering services my ISP
> (34sp) uses but pretty well nothing at all ever gets through.
>
> Look, hardly any email users actually *want* to receive these viruses, surely
> to goodness, so why doesn't *every* ISP just silently dump them by default?
>

That's OK if your ISP knows it's a virus, how it differentiates between an unknown virus and your friend emailing you a holiday video zipped up is where the problem lies, do you want your ISP to filter out wanted emails because it might be a virus?

-- 
Kevin R
Reply address works
#9
"Java Jive" <(E-Mail Removed)> wrote in message news (E-Mail Removed)...
> Trouble is, they are designed to look like something else.
>
> I suspect the OP may have received the same or a similar email to the
> one I got this morning, which claimed to be from UPS concerning a
> package I had posted a month ago. What I presume was a payload
> pretended to be some sort of form 'UPS' wanted me to complete, in a
> zip. Fortunately, I haven't posted anything via UPS recently, so I
> knew straight away it was spam, and killfiled it.
>

>>>>>>>>>>

OH S!!T I recd. that a few days ago and I opened it as I WAS expecting a delivery... I realised what it was too late ...... :-((((

I then updated AVG and did a full scan which found nowt. Everything _seeeeems_ OK, but....

Now what? Is my Dell going to turn into a pumpkin next Friday the thirteenth?

(Currently rescanning all with updated AVG again....<X's fingers>

Grrrrrrrrrrrrrr

-- 
¦zulu¦
#10
The Natural Philosopher wrote:
> I received a suspect mail and sent it off to the virus scan site.
> ((E-Mail Removed) : Subject SCAN. This is what they sent back)
>
> The interesting thing is not that there was a virus there: I was almost
> sure there was..but how many sites *didn't* find it..

That happened to me once. It was a 'rare' virus. Had to do a manual removal based on a method from one of its cousins!

Graham