RE: [ok] [Full-Disclosure] Possible Virus/Trojan

["Todd Towles" <toddtowles@xxxxxxxxxxxxxxx>]

We have a corporate anti-virus system (AV company based out of Europe) that
I have access too and it is update to date. We normally see viruses before
IDEs are out and are used to handling them in that manner. Most of the time
we hold these unknown files until they are detectable. This file was sent to
the AV vendor before I got my copy and I am the only person in the company
that got this e-mail.

I was the only person to receive this e-mail. To put this in content - we
received about hundred MyDoom-O viruses yesterday.

My job function doesn't allow me the time to look into the code and what it
does as much as I would like. I haven't tried another AV product, but I do
understand that multiple scanners if the best way for detection.

-Todd

-----Original Message-----
From: full-disclosure-admin@xxxxxxxxxxxxxxxx
[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of Duncan Hill
Sent: Tuesday, July 27, 2004 10:17 AM
To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [ok] [Full-Disclosure] Possible Virus/Trojan

On Tuesday 27 July 2004 14:28, Todd Towles might have typed:
> Hey guys,
>
> I was able to finally get the file out of Outlook via add-on. The add-on
> moves file types from Level 1 to Level 2. Anyways, it wasn't detected as a
> virus and it is only 35 KBs in size. Kinda small.

35K is large enough to contain a virus that propagates via an internal SMTP 
engine and do other fun things like search google etc.

How up to date is your virus scanner?  Have you tried more than one virus 
scanner?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html