Skip navigation.

Got an email-spammed virus.


MD5SUM: 4988ef8f16b40fc96f0bbe410df30702
SHA1SUM: 7ba788949036e30ca3ed346c88abe33585760c7d
SHA256SUM: 95bbde188afcce0fbb8060cb97e6a5433422f0adca65fb513f47217f50125961

The text of the message was:
>Mail server report.
>Our firewall determined the e-mails containing worm copies are being sent
>from your computer.
>Nowadays it happens from many computers, because this is a new virus type
>(Network Worms).
>Using the new bug in the Windows, these viruses infect the computer
>After the penetrating into the computer the virus harvests all the e-mail
>addresses and sends the copies of itself to these e-mail
>Please install updates for worm elimination and your computer restoring.
>Best regards,
>Customers support service

And the file name was Update-KB9676-x86.exe

ClamAV, our incoming scanner didn't detect it.

-- Pi

ClamAV didn't detect it -

ClamAV didn't detect it - thats odd!

I scanned it through Jotti and ClamAv picked it up as: Worm.Stration.AL-1

Odd. The Clam on OC didn't

Odd. The Clam on OC didn't see anything, nor did our milter.

ill make sure

we have updated signatures.