Hello Trog,

Thursday, January 15, 2004, 2:23:33 PM, you wrote:

T> Hi all,

T> Have submitted a sample of an email message doing the rounds purporting to be
T> from paypal and containing a zip file with an executable in it.

T> Kaspersky identified the message as:
T> paypal.exe Packed: UPX
T> paypal.zip/paypal.exe Infected: TrojanDownloader.Win32.Small.cz 

T> Clam doesn't recognise it yet, but hopefully the guys (and they do a great job)
T> will remedy this real soon.

T> Cheers,
T> -trog

# clamscan -v -r --mbox /var/virusmails/
/var/virusmails//virus-20040114-185021-24369-10: Worm.Gibe.F FOUND
/var/virusmails//virus-20040112-120601-15098-04: Worm.Mimail.J FOUND
/var/virusmails//virus-20040115-141942-25682-04: Worm.Gibe.F FOUND
/var/virusmails//virus-20040115-141944-25683-04: Worm.Gibe.F FOUND
/var/virusmails//virus-20040114-195750-29402-06: Worm.Gibe.F FOUND
/var/virusmails//virus-20040115-115800-11365-02: Worm.Mimail.J FOUND
/var/virusmails//virus-20040113-120704-22122-02: Worm.Mimail.J FOUND

----------- SCAN SUMMARY -----------
Known viruses: 40202
Scanned directories: 1
Scanned files: 7
Infected files: 7
Data scanned: 0.46 MB
I/O buffer size: 131072 bytes
Time: 2.327 sec (0 m 2 s)

#  more /var/virusmails/virus-20040113-120704-22122-02
Return-Path: <[EMAIL PROTECTED]>
Delivered-To: virus-quarantine
X-Envelope-To: <[EMAIL PROTECTED]>
X-Envelope-From: <[EMAIL PROTECTED]>
X-Quarantine-id: <virus-20040113-120704-22122-02>
Received: from localhost (172-122.static.alkar.net [195.248.172.122])
        by myhost.ru (Postfix) with SMTP id E4D3413963
        for <[EMAIL PROTECTED]>; Tue, 13 Jan 2004 12:06:14 +0500 (YEKT)
From: "PayPal.com" <[EMAIL PROTECTED]>
To: User <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
X-Priority: 1 (High)
Subject: IMPORTANT                                           kaakrair
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------675053470039030"
Message-Id: <[EMAIL PROTECTED]>
Date: Tue, 13 Jan 2004 12:06:14 +0500 (YEKT)
X-AMaViS-Alert: INFECTED, message contains virus: Worm.Mimail.J
X-Amavis-Alert: BANNED FILENAME, message contains part named:
 www.paypal.com.pif


-- 
With best wishes,
 vlad                            mailto:[EMAIL PROTECTED]

System/Network Administrator
TV/Video Engineer
ICQ 163227020

--------------------------------------------------------
The greatest lesson in life is to know that even fools are right sometimes.



_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
