At 11:16 AM 09-01-04 -0800, Brennan_Murphy@NAI.com wrote:
Send it in to AVERT. It's free analysis and will give you recommendations for how to deal with it:
https://www.webimmune.net/default.asp
...does require registration but again, it's free.
or email it in per instructions here:
http://vil.nai.com/vil/submit-sample.asp
other vendors may have similar mechanisms.
If you get a new virus here are some addresses: Command Software <virus@commandcom.com> Computer Associates (US) <virus@ca.com> Computer Associates (Vet/EZ) <ipevirus@vet.com.au> DialogueScience (Dr. Web) <Antivir@dials.ru> Eset (NOD32) <sample@nod32.com> F-Secure Corp. <samples@f-secure.com> Frisk Software (F-PROT) <viruslab@f-prot.com> Grisoft (AVG) <virus@grisoft.cz> H+BEDV (AntiVir): <virus@antivir.de> Kaspersky Labs <newvirus@kaspersky.com> Network Associates (McAfee) <virus_research@avertlabs.com> Norman (NVC) <analysis@norman.no> Sophos Plc. <support@sophos.com> Symantec (Norton) <avsubmit@symantec.com> Trend Micro (PC-cillin) <virus_doctor@trendmicro.com> -Hank
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Scott Granados Sent: Friday, January 09, 2004 12:43 PM To: nanog@merit.edu Subject: interesting new virus, maybe???
I'm not sure if anyone has seen this or if its just to early but.
While opening mail, <not with a microsoft outlook product> I found something which looked different. The message was from pgp-public-key and said "Here is my key". When you look at the attachment its called youremail.doc.com obviously something meant to be executed. What struck
me as different from the top was it wasn't from a support@microsoft or some such address it specifically mentioned pgp_public_key. Also, I obviously didn't try to run the code or do anything with it, it is 76 K in size and again called youremail.doc.com.
I haven't tried a virus scanner against it yet but will later.
Thanks
Scott