[Dshield] Suspicious email

Lane Weast lweast at leeclerk.org
Wed Aug 29 13:08:09 GMT 2001


The ZL9 file extension is used by Zone Alarm as a quarantine extension to
make virus-infected executables non-executable. ZL9 may be used by other
applications as well, but I have not seen it anywhere else.

What this might be is the Sircam virus sending a random file from the host
PC and Zone Alarm catching it and changing the file extension..??

> -----Original Message-----
> From: Samantha [mailto:sama at enteract.com]
> Sent: Wednesday, August 29, 2001 7:47 AM
> To: 'dshield at dshield.org'
> Subject: [Dshield] Suspicious email
> 
> 
> Good morning,
> 
> I thought I'd present this to you all...
> The other day I received an email from a "wayne rudd" at 
> puttcoach at earthlink.net.
> Subject is: LaserJet 4 Plus\\Mh
> 
> The email contains a file JDBGMGR.zl9 (not sure what the extension is)
> and below the attachment it just says:
> "LaserJet 4 Plu."
> 
> I searched all over the place trying to find any information 
> when I received it the
> other day, but was unable to.
> Has anyone seen this, or know what it is?
> 
> Cheers,
> Samantha
> 
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see: 
> http://www1.dshield.org/mailman/listinfo/dshield
> 



