On Mon, 26 Apr 2010, Joseph Brennan wrote:
empty and there was a single attachment "transcript.zip".
Very old-school, using pif and scr file extensions and the name with a lot of spaces in it (actually more spaces than I show here).
After posting, I found that a few others passed through, and a few were blocked, all coming from 113.167.75.53, which curiously responds to a reverse DNS query as "localhost", and is in an IP range in Vietnam.
It's almost like a very old virus that got reactivated somehow. How many email viruses do you even see these days? Did antivirus provide a name for this thing?
We are currently running with antivirus disabled, because the most recent clamav is incompatible with our OS version and we cannot upgrade soon.
But looking around, I suspect it could be w32.mydoom...@mm.

--
------------------------------------------------------------------------
Lucio Chiappetti - INAF/IASF - via Bassini 15 - I-20133 Milano (Italy)
For more info : http://www.iasf-milano.inaf.it/~lucio/personal.html
------------------------------------------------------------------------