Re: New Virus?

securityfocus_at_abab.us
Date: 06/29/05

  • Next message: michaelfabila_at_gmail.com: "Re: Finding a content filter that does not show administrator message contents" 
    To: security-basics@securityfocus.com
Date: Tue, 28 Jun 2005 19:10:28 -0400

    Ewww, looks like it's bagle once again:

    http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=129512

    You'd better get that pc cleaned asap. Usually I trust Norton more but
    it looks like McAfee beat them to the punch this time.

    Good luck with your infection, and thanks for letting us know there's
    another variant floating around.

    On Mon, 27 Jun 2005 22:41:49 +0000, "Hamish Stanaway"
    <koremeltdown@hotmail.com> said:
    > Hey there everyone,
    >
    > I recieved a mysterious email this morning at 1728 GMT which had headers
    > as
    > follows:
    >
    > Return-path: <hamish1@voyager.co.nz>
    > Envelope-to: hamish1@webhosting.net.nz
    > Delivery-date: Tue, 28 Jun 2005 05:22:44 +1200
    > Received: from [217.125.252.60] (helo=david.org)
    > by fearless.absolutewebhosting.biz with smtp (Exim 4.24)
    > id 1DmxJg-0003ou-Rg
    > for hamish1@webhosting.net.nz; Tue, 28 Jun 2005 05:22:41 +1200
    > Date: Mon, 27 Jun 2005 19:20:42 +0100
    > To: "Hamish" <hamish1@webhosting.net.nz>
    > From: "Hamish" <hamish1@voyager.co.nz>
    > Subject: The picture is sent on SMS
    > Message-ID: <pvkpnopcnwraqblcgfg@webhosting.net.nz>
    > MIME-Version: 1.0
    > Content-Type: multipart/mixed;
    > boundary="--------hukvuvgobciyuhmojdug"
    >
    > -------------------- END SNIP-----------------------
    >
    > As you can guess, I'm hamish1@webhosting.net.nz.
    > This email contained no text, only an attachment called legs.zip, which
    > Norton (fully updated to its' latest version and data files) did not
    > detect
    > any viruses in.
    > Within the legs.zip file there is a file called ds-rwe.exe - this again
    > was
    > not detected as a virus.
    > My girlfriend thought she would be smart and ran ds-rwe.exe, which gave
    > me a
    > memory overflow message for explorer.exe immidiately.
    > Does anyone have any idea of what this might be, and also if it is a
    > virus
    > that has already been identified? If not, I am willing to pass it through
    > to
    > someone to take a look at in its' zip format.
    > Otherwise if the effects cannot be reversed, I am afraid I will have to
    > reformat this machine *sigh* NOT AGAIN :(
    > Have a great day everyone and thanks in advance for your help.
    >
    >
    > Kindest of regards,
    >
    > Hamish Stanaway, CEO
    >
    > Absolute Web Hosting / -= KoRe WoRkS =- Internet Security
    > Auckland, New Zealand
    >
    > http://www.webhosting.net.nz
    > http://www.buywebhosting.co.nz
    > http://www.koreworks.com
    >
    >

  • Next message: michaelfabila_at_gmail.com: "Re: Finding a content filter that does not show administrator message contents"