Focus on Virus
Back to list
RE: New/recent virus outbreak
Apr 20 2005 10:02PM
Nick Duda (nduda VistaPrint com)
What I can add to this is that Trend Micro wasnt detecting this Toofo.F properly. I called them and they acknowledged they had a problem with the DAT file (many customers called) and would have an update for it by end of day. Our Symantec AV (on the workstations) was picking them up and removing it.
Yes, the source from address was spoofed to look like it came from the user it went to (ie: if it went to John Doh , it came from JDoh), of course the headers where a different story. As of now still no fix from Trend....
From: Dan Denton [mailto:ddenton (at) PAYLESSOFFICE (dot) com [email concealed]]
Sent: Wed 4/20/2005 3:36 PM
To: focus-virus (at) securityfocus (dot) com [email concealed]
Subject: New/recent virus outbreak
Have anyone seen any virus infected emails coming from addresses with
usernames identical to those on your own email servers, but from domains
like hotmail.com or netzero.com ? These emails seem to be sent from a
spoofed email address such as example.user (at) netzero (dot) com [email concealed], and are sent to
example.user (at) mydomain (dot) com. [email concealed]
Also, the attached files are always zip files, and have been named
4.zip, 5.zip, 6.zip, and work.zip .
A bounce message from one of our customers suggests they blocked an
email from on of our users that was infected with trojan.tooso.F, but
the emails stopped don't exhibit those characteristics, And even
Symantec's write-up says this virus doesn't send it's own emails.
Is it possible there's a beagle variant that is spreading the Tooso
trojan as part of it's payload? Thanks in advance.
Information Technology Manager, CCNA
Pay-LESS Office Products
[ reply ]
Copyright 2010, SecurityFocus