Hi,

I got a suspicious mail this morning which looked very like a virus, and
I'm now receiving reports from a neighbouring institution that they are
getting hit with the same thing. It is rumored to be a new variant of
Bagle, though nothing I have picks it up yet.
The mail goes something like this:-

================================
Dear user of acu.ac.uk,

We have received reports that your e-mail account was used to send a
huge amount of junk e-mail messages during this week.
Most likely, your computer was infected and now runs a trojaned proxy
server.

Please follow the instruction in order to keep your computer safe.

Sincerely yours,
The acu.ac.uk support team."
================================

It also contains an attached zip file, which contains a file named
amcluv.htm(lots of embedded nulls).com

The neighbouring institution had their domain in the mail, instead of
mine, so the virus appears to be attempting a bit of social engineering.
Also, the from address was forged to be from MAILER-DAEMON at my domain.

Has anyone else seen this? I've submitted it to the ClamAV database, and
received a "thank you" note, telling me the submission has not been
added, and giving no information as to why not, which is less helpful
than I'd have hoped... The online scanner does not currently pick it up.
Is there a way I can manually extract a signature to add to my local
database, if ClamAV won't do it?

Mike.
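
An added example, not part of the original post and not ClamAV's own code: a triage sketch for the pattern described above, which walks a message's zip attachments, flags member names that hide an executable extension behind NUL or whitespace padding, and prints a line in ClamAV's hash-signature (`.hdb`) form `MD5:size:name` for each hit. The function names, the signature label and the sample message are constructed for illustration; a hash signature only matches byte-identical copies of the file.

```python
import email, hashlib, io, re, zipfile
from email.message import EmailMessage

# Harmless-looking extension, a run of NUL/whitespace padding, then an executable one.
PADDED = re.compile(r"\.\w{1,5}[\x00\s]{3,}\.(?:com|exe|scr|pif|bat|cmd)$", re.I)

def is_padded_double_ext(name):
    return bool(PADDED.search(name))

def hdb_line(data, label):
    # ClamAV hash-signature (.hdb) line: MD5:size-in-bytes:name
    return "%s:%d:%s" % (hashlib.md5(data).hexdigest(), len(data), label)

def triage(raw_message, label="Local.Suspect.PaddedDoubleExt"):  # label is hypothetical
    """Return (member name, .hdb line) for each suspicious file inside zip attachments."""
    findings = []
    for part in email.message_from_bytes(raw_message).walk():
        payload = part.get_payload(decode=True)  # None for multipart containers
        if not payload or not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            for info in zf.infolist():
                # orig_filename keeps the raw name; .filename is cut at the first NUL
                if is_padded_double_ext(info.orig_filename):
                    findings.append((info.orig_filename, hdb_line(zf.read(info), label)))
    return findings

def build_sample():
    """Constructed sample: inert payload, example.org addresses, space padding."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("amcluv.htm" + " " * 40 + ".com", b"INERT-PLACEHOLDER")
        zf.writestr("readme.txt", b"hello")
    msg = EmailMessage()
    msg["From"] = "MAILER-DAEMON@example.org"
    msg["To"] = "user@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("Dear user of example.org, ...")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="message.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, sig in triage(build_sample()):
        print(repr(name), "->", sig)
```

Appending a returned line to a `.hdb` file in ClamAV's database directory makes it a local signature.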


_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users