[66400] in North American Network Operators' Group
RE: interesting new virus, maybe???
daemon@ATHENA.MIT.EDU (Hank Nussbacher)
Sat Jan 10 11:53:07 2004
Date: Sat, 10 Jan 2004 18:51:48 +0200
To: <Brennan_Murphy@NAI.com>, <scott@wworks.net>, <nanog@merit.edu>
From: Hank Nussbacher <hank@att.net.il>
In-Reply-To: <FF6F5696A661404E8E2C0DF39A1D72B603041F9C@sncexmb1.corp.nai
.org>
Errors-To: owner-nanog-outgoing@merit.edu
At 11:16 AM 09-01-04 -0800, Brennan_Murphy@NAI.com wrote:
>Send it in to AVERT. It's free analysis and will give you
>recommendations for how to deal with it:
>
>https://www.webimmune.net/default.asp
>
>...does require registration but again, it's free.
>
>or email it in per instructions here:
>
>http://vil.nai.com/vil/submit-sample.asp
>
>other vendors may have similar mechanisms.
If you get a new virus here are some addresses:
Command Software <virus@commandcom.com>
Computer Associates (US) <virus@ca.com>
Computer Associates (Vet/EZ) <ipevirus@vet.com.au>
DialogueScience (Dr. Web) <Antivir@dials.ru>
Eset (NOD32) <sample@nod32.com>
F-Secure Corp. <samples@f-secure.com>
Frisk Software (F-PROT) <viruslab@f-prot.com>
Grisoft (AVG) <virus@grisoft.cz>
H+BEDV (AntiVir): <virus@antivir.de>
Kaspersky Labs <newvirus@kaspersky.com>
Network Associates (McAfee) <virus_research@avertlabs.com>
Norman (NVC) <analysis@norman.no>
Sophos Plc. <support@sophos.com>
Symantec (Norton) <avsubmit@symantec.com>
Trend Micro (PC-cillin) <virus_doctor@trendmicro.com>
-Hank
>-----Original Message-----
>From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of
>Scott Granados
>Sent: Friday, January 09, 2004 12:43 PM
>To: nanog@merit.edu
>Subject: interesting new virus, maybe???
>
>
>
>I'm not sure if anyone has seen this or if its just to early but.
>
>While opening mail, <not with a microsoft outlook product> I found
>something which looked different. The message was from pgp-public-key
>and
>said "Here is my key". When you look at the attachment its called
>youremail.doc.com obviously something meant to be executed. What struck
>
>me as different from the top was it wasn't from a support@microsoft or
>some such address it specifically mentioned pgp_public_key. Also, I
>obviously didn't try to run the code or do anything with it, it is 76 K
>in
>size and again called youremail.doc.com.
>
>I haven't tried a virus scanner against it yet but will later.
>
>Thanks
>
>Scott
