[Dshield] Observation

John B. Holmblad jholmblad at aol.com
Thu Aug 25 20:08:04 GMT 2005


probably just a coincidence relative to your question, but, for the 
first time in a year, Symantec A/V running the system on which I pull 
down email from my service providers, on Aug 20th caught a viral 
attachment which is one of the MS05-039 vulnerability variants..

    Source: payment.doc .pif
    Description: The email attachment payment.doc .pif within
    billing_info.zip is infected with the W32.Bobax.AF at mm virus.
    Click for more information about this virus : W32.Bobax.AF at mm

Since this happens so infrequently, i.e. that my  a/v signatures seem to be updated before those of my service providers, I can only assume that one or both of them, were, at that  moment, having a hard time keeping up with the perps.

Best Regards,

John Holmblad

Televerage International

(H) 703 620 0672
(M) 703 407 2278
(F) 703 620 5388

primary email address:     jholmblad at aol.com
backup email address:      jholmblad at verizon.net

More information about the list mailing list