[Sres-postdocs] Fwd: [Litss] VIRUS ALERT: Confirmation for Order WC2195136

John Boland john.boland at anu.edu.au
Mon Aug 14 09:22:27 EST 2006 

FYI, I personally got 2 of these so I suspect there will be others within SRES.

Please do NOT open them, just delete them.

Regards
John


>From: David Howse <david.howse at anu.edu.au>
>Date: Sun, 13 Aug 2006 11:54:59 +1000
>To: litss at anu.edu.au
>Subject: [Litss] VIRUS ALERT: Confirmation for Order WC2195136
>
>>From: billing support <info at circuitcity.com>
>>Date: 13 August 2006 11:40:48 AM
>>To: XXX at anu.edu.au
>>Subject: Confirmation for Order WC2195136
>>
>>Dear Sir/Madam,
>>
>>Thank you for shopping with our internet shop. Your order,
>>WC2195136, has been received. Summary of your order you can see in
>>the attachment file.
>
>We've seen a number of variants of this doing the rounds.
>
>Attached to the email is a .zip file, containing a single .exe.  It's
>NOT currently being detected by many vendors:
>
>Antivirus       Version         Update          Result
>AntiVir         6.35.1.0        08.12.2006      HEUR/Crypted.Modified
>Authentium      4.93.8          08.13.2006      W32/Downloader.AFMJ
>Avast           4.7.844.0       08.10.2006      no virus found
>AVG             386             08.11.2006      no virus found
>BitDefender     7.2             08.13.2006      Generic.Malware.dld!!.8BEA1F53
>CAT-QuickHeal   8.00            08.12.2006      (Suspicious) - DNAScan
>ClamAV          devel-20060426  08.13.2006      no virus found
>DrWeb           4.33            08.12.2006      DLOADER.Trojan
>eTrust-InocIT   23.72.94        08.12.2006      no virus found
>eTrust-Vet      30.3.3012       08.11.2006      no virus found
>Ewido           4.0             08.12.2006      no virus found
>Fortinet        2.77.0.0        08.12.2006      suspicious
>F-Prot          3.16f           08.13.2006      security risk named 
>W32/Downloader.AFMJ
>F-Prot4         4.2.1.29        08.11.2006      Possibly a new 
>unknown PE_Virus!Maximus
>Ikarus          0.2.65.0        08.11.2006      no virus found
>Kaspersky       4.0.2.24        08.13.2006 
>Trojan-Downloader.Win32.Tiny.dx
>McAfee          4827            08.11.2006      no virus found
>Microsoft       1.1508          08.04.2006      no virus found
>NOD32v2         1.1704          08.11.2006      probably unknown 
>NewHeur_PE virus
>Norman          5.90.23         08.11.2006      Suspicious_F.gen
>Panda           9.0.0.4         08.12.2006      Suspicious file
>Sophos          4.08.0          08.12.2006      no virus found
>Symantec        8.0             08.13.2006      no virus found
>TheHacker       5.9.8.191       08.13.2006      no virus found
>UNA             1.83            08.11.2006      no virus found
>VBA32           3.11.0          08.11.2006      no virus found
>VirusBuster     4.3.7:9         08.12.2006      no virus found
>
>(via www.virustotal.com)
>
>I've reported it to Sophos.
>
>The usual advice applies, delete, don't open.
>
>--
>David Howse
>Systems & Desktop Services
>Division of Information  3K
>The Australian  National University
>Canberra ACT 0200 Australia
>
>Tel: +61 2 6125 3583
>Fax: +61 2 6125 7699
>
>CRICOS Provider #00120C
>
>
>_______________________________________________
>Litss mailing list
>Litss at anu.edu.au
>http://mailman.anu.edu.au/mailman/listinfo/litss

More information about the Sres-postdocs mailing list