Anyone seeing 21486 byte Attach.zip/password protected/.exe file?
Posted by Don Taylor on March 3rd, 2004


Subject: ello! =))

I don't bite, weah!

48028 -- archive password

and a 21486 byte Attach.zip with password that contains gcqlk.exe.

Latest Norton scan sees nothing, googling finds nothing, searching
AV sites turns up nothing.

Spewed from Comcast with forged header claiming it is from
fp0@goaway.cc.monash.edu.au, as if that makes any difference.


I ain't gonna execute that, mummy didn't raise the stupid children.

Posted by Will Dormann on March 3rd, 2004


Don Taylor wrote:


It's likely Bagle.K


-WD

Posted by Michael Cecil on March 3rd, 2004


On Wed, 03 Mar 2004 17:09:52 -0600, dont@agora.rdrop.com (Don Taylor)
wrote:

It's W32.Beagle.A@mm trying to social engineer its way past automatic
email AV scanners.

--
Michael Cecil
macecil@comcast.net
http://home.comcast.net/~macecil/howto/
http://home.comcast.net/~antiviruscd/

Posted by Big Will on March 3rd, 2004


me@tadyatam.invalid wrote:


--
William


If it don't work, hit it
If it still don't work, kick it
If it works after hitting it or kicking it, then it doesn't matter if
that helped, what's important is it worked.


Posted by Bass on March 3rd, 2004



"Don Taylor" <dont@agora.rdrop.com> wrote in message
news:3N6dncEgkvdd-NvdRVn-vg@scnresearch.com...
For what it's worth, lately I have been receiving a heap of suspicious mail
from all sorts of edu sites such as yours - Monash is one of many. I don't
normally communicate with anyone from any of these places so I have just
been using mailwasher and deleting them at the server.





Posted by Big Will on March 3rd, 2004


Bass wrote:

from field?

--
William


If it don't work, hit it
If it still don't work, kick it
If it works after hitting it or kicking it, then it doesn't matter if
that helped, what's important is it worked.


Posted by Don Taylor on March 4th, 2004


Big Will <SPAMWSPAMiSPAMlSPAMlSPAMBSPAM4SPAMeSPAMvSPAAAAAMe SPAMMITTYrSPAAAAAM@nIeDONTtLIKEzSPAMero.net> writes:
Went ahead and unzipped it. Once decrypted Norton saw it and killed it.
W32.Beagle.H

So the password/encryption on the zip is going to get these right past
all the virus checkers. Cute. Is this worth reporting? Where?

And the game goes to the next level.

Thanks to everyone for help with the diagnosis.

Posted by Big Will on March 4th, 2004


Don Taylor wrote:

Art) that have encrypted archives attached to them to be automatically
deleted.

--
William


If it don't work, hit it
If it still don't work, kick it
If it works after hitting it or kicking it, then it doesn't matter if
that helped, what's important is it worked.
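
The check a mail filter needs in order to act on encrypted archives like the one in this thread, as an added example that is not part of any poster's message: a scanner cannot read inside a password-protected ZIP, but it can see that a member is encrypted, because bit 0 of each member's general-purpose flag is stored in the clear. The function names, the sample address and the sample ZIP are constructed for illustration; the sample is a harmless unencrypted ZIP with the flag bit patched in, since Python's `zipfile` cannot write encrypted archives.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ENCRYPTED = 0x1  # bit 0 of the ZIP general-purpose flag: member is encrypted

def encrypted_zip_attachments(raw_message):
    """Return [(attachment name, [encrypted member names])] for one raw message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        # Multipart containers decode to None; treat them as empty.
        payload = part.get_payload(decode=True) or b""
        buf = io.BytesIO(payload)
        # Identify ZIPs by content, not by file name or declared MIME type.
        if not zipfile.is_zipfile(buf):
            continue
        try:
            with zipfile.ZipFile(buf) as zf:
                locked = [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED]
        except zipfile.BadZipFile:
            continue  # damaged archive: nothing reliable to report
        if locked:
            hits.append((part.get_filename() or "(unnamed)", locked))
    return hits

def constructed_zip(member, encrypted):
    """Constructed sample: a harmless one-member ZIP, optionally flagged encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(member, b"harmless placeholder bytes")
    data = bytearray(buf.getvalue())
    if encrypted:
        data[6] |= ENCRYPTED                           # flags in local file header
        data[data.find(b"PK\x01\x02") + 8] |= ENCRYPTED  # flags in central directory
    return bytes(data)

def constructed_message(zip_bytes):
    """Constructed sample: a message carrying zip_bytes as Attach.zip."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["Subject"] = "constructed sample"
    msg.set_content("constructed body")
    msg.add_attachment(zip_bytes, maintype="application",
                       subtype="octet-stream", filename="Attach.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(encrypted_zip_attachments(constructed_message(constructed_zip("sample.exe", True))))
```

Member names are also stored unencrypted in a standard ZIP, so the same pass can report an executable extension inside a locked archive.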


Posted by Bass on March 4th, 2004



"Big Will"
<SPAMWSPAMiSPAMlSPAMlSPAMBSPAM4SPAMeSPAMvSPAAAAAMe SPAMMITTYrSPAAAAAM@nIeDONT
tLIKEzSPAMero.net> wrote in message news:40467fa7$1@darkstar...
Hi William, no I didn't trace back, I just went on the from field, which
I know doesn't mean much in these cases. But strange that they all seem to
come from edu domains. Because these messages aren't from anyone I know and
they look suspicious plus they all carry attachments I just delete em at the
server.
Bass



