At 4:30 PM +0300 10/15/09, Jari Fredriksson wrote:
Undetected IRS scam variant.
http://www.iki.fi/jarif/malware/tax-statement.exe
--
http://www.iki.fi/jarif/
"You don't have permission to access /~jarif/ikipage/malware/tax-statement.exe
on this server." :-(
Also, do you have a link URL to that sample as well? But that should
have been detected as winnow.malware.ts.irs.1.UNOFFICIAL unless
they changed their attack vector.
Tom
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml