interesting new virus, maybe???

Hank Nussbacher hank at att.net.il
Sat Jan 10 16:51:48 UTC 2004 

At 11:16 AM 09-01-04 -0800, Brennan_Murphy at NAI.com wrote:

>Send it in to AVERT. It's free analysis and will give you
>recommendations for how to deal with it:
>
>https://www.webimmune.net/default.asp
>
>...does require registration but again, it's free.
>
>or email it in per instructions here:
>
>http://vil.nai.com/vil/submit-sample.asp
>
>other vendors may have similar mechanisms.

If you get a new virus here are some addresses:

Command Software             <virus at commandcom.com>
Computer Associates (US)     <virus at ca.com>
Computer Associates (Vet/EZ) <ipevirus at vet.com.au>
DialogueScience (Dr. Web)    <Antivir at dials.ru>
Eset (NOD32)                 <sample at nod32.com>
F-Secure Corp.               <samples at f-secure.com>
Frisk Software (F-PROT)      <viruslab at f-prot.com>
Grisoft (AVG)                <virus at grisoft.cz>
H+BEDV (AntiVir):            <virus at antivir.de>
Kaspersky Labs               <newvirus at kaspersky.com>
Network Associates (McAfee)  <virus_research at avertlabs.com>
Norman (NVC)                 <analysis at norman.no>
Sophos Plc.                  <support at sophos.com>
Symantec (Norton)            <avsubmit at symantec.com>
Trend Micro (PC-cillin)      <virus_doctor at trendmicro.com>

-Hank



>-----Original Message-----
>From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
>Scott Granados
>Sent: Friday, January 09, 2004 12:43 PM
>To: nanog at merit.edu
>Subject: interesting new virus, maybe???
>
>
>
>I'm not sure if anyone has seen this or if its just to early but.
>
>While opening mail, <not with a microsoft outlook product> I found
>something which looked different.  The message was from pgp-public-key
>and
>said "Here is my key".  When you look at the attachment its called
>youremail.doc.com obviously something meant to be executed.  What struck
>
>me as  different from the top was it wasn't from a support at microsoft or
>some such address it specifically mentioned pgp_public_key.  Also, I
>obviously didn't try to run the code or do anything with it, it is 76 K
>in
>size and again called youremail.doc.com.
>
>I haven't tried a virus scanner against it yet but will later.
>
>Thanks
>
>Scott

More information about the NANOG mailing list