Re: A new one.
From: N. Miller (nsm_at_blackhole.aosake.net)
Date: 03/13/04
- In reply to: yours_most_truly: "Re: A new one."
Date: Sat, 13 Mar 2004 00:40:00 -0800
In article <d9253152.0403122304.4139bb27@posting.google.com>,
asclero@zdnetonebox.com says...
> eddie <eddie@eddie.web> wrote in message news:<pan.2004.03.12.21.42.37.328000@eddie.web>...
> > On Fri, 12 Mar 2004 10:16:02 -0800, yours_most_truly wrote:
> > > Yesterday an e-mail message purportedly from Microsoft arrived, urging me
> > > to open its attachment for a security update. The MS website states that
> > > any updates arriving as attachments to e-mails are bogus.
> > > Should I just zap the sucker or does Microsoft have a safe
> > > receptacle I can forward it to where they can dissect it?
> > What does your antivirus software say about it?
> I decided to zap it after starting this thread. It had a hinky
> message source too. I then ran an antivirus with current definitions
> and it found nothing.
> I may have picked it up when I posted in a group which is subject to
> harvesting but not carried by google, so I used a real address rather
> than this one. My ISP does have virus and spam filters, but since I
> had been using a dated version of its software (unbeknownst to me, but
> now updated), they weren't operating. They are now.
> I never opened the attachment, nor did I mail it to anyone. I hope
> this answers everyone's questions and comments.
Fair enough. Now for an observation. Some time during the afternoon of
Monday, March 8, 2004, I received notice that NAV 2003 had received new
definitions via LiveUpdate. I took that opportunity to manually update my
backup AV, F-Prot for DOS.
Approximately 12:04 A.M., Wednesday, March 10, 2004 I received an email,
with attachment, that sailed through the Mercury Mail AV Policy (it calls
F-Prot for DOS), and NAV 2003 (it normally alerts on infected attachments when
I try to save them to disk). The attachment contained a .zip file, no
password; the .zip file contained a .exe file. The sender was not known to
me.
I then checked with the Symantec site for the latest definitions; mine were
dated March 8, 2004, but their Intelligent Updater had definitions for March
9, 2004. I ran IU, and tried that file again. The suspicious file tested
clean. I renamed the .zip and encrypted it, per the Symantec site submission
instructions (the NAV 2003 auto submission kept hanging with no data sent),
and sent it by email. Five, or so, minutes later they returned a scan
result, and it was infected. They also included a link to new definitions.
At 1:30 A.M. on March 10, 2004 they provided me with definitions that caught
that beastie. The caution in this tale is that even if your definitions are
just hours old, you aren't necessarily safe.
Oh, that is the first time I was ever on the cutting edge of a malware
release.
--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint