[Dshield] Observation

John B. Holmblad jholmblad at aol.com
Thu Aug 25 20:08:04 GMT 2005


Paul,

Probably just a coincidence relative to your question, but, for the 
first time in a year, Symantec A/V running on the system on which I pull 
down email from my service providers, on Aug 20th caught a viral 
attachment which is one of the MS05-039 vulnerability variants.

    Source: payment.doc .pif
    Description: The email attachment payment.doc .pif within
    billing_info.zip is infected with the W32.Bobax.AF@mm virus.
    Click for more information about this virus : W32.Bobax.AF@mm
    <http://www.sarc.com/avcenter/cgi-bin/virauto.cgi?vid=34986>


Since this happens so infrequently, i.e. that my a/v signatures seem to be updated before those of my service providers, I can only assume that one or both of them were, at that moment, having a hard time keeping up with the perps.

-- 
Best Regards,

John Holmblad

Televerage International
GSEC Gold,GCWN Gold,GGSC-0100,NSA-IAM

(H) 703 620 0672
(M) 703 407 2278
(F) 703 620 5388

primary email address:     jholmblad at aol.com
backup email address:      jholmblad at verizon.net


