I received a suspect mail and sent it off to the virus scan site.
: Subject SCAN. This is what they sent back)

The interesting thing is not that there was a virus the I was almost
sure the was..but how many sites *didn't* find it..

Complete scanning result of "WW_671282.zip", processed in VirusTotal
at 08/12/2008 14:39:39 (CET).

[ file data ]
* name..: WW_671282.zip
* size..: 49434
* md5...: aefa2457dce9214b1349403bba664d12
* sha1..: c4aa3c90299e783113bb5c97d830f15a618bb226
* peid..: -

[ scan result ]
AhnLab-V3 2008.8.12.0/20080812 found nothing
AntiVir 7.8.1.19/20080812 found [TR/Spy.ZBot.DPI]
Authentium 5.1.0.4/20080812 found [W32/Downldr2.DIFW]
Avast 4.8.1195.0/20080811 found nothing
AVG 8.0.0.156/20080812 found [Pakes_c.SH]
BitDefender 7.2/20080812 found [Trojan.Spy.Wsnpoem.GH]
CAT-QuickHeal 9.50/20080811 found nothing
ClamAV 0.93.1/20080812 found [Trojan.Zbot-1936]
DrWeb 4.44.0.09170/20080812 found nothing
eSafe 7.0.17.0/20080811 found nothing
eTrust-Vet 31.6.6027/20080812 found [Win32/Kollah.NG]
Ewido 4.0/20080812 found nothing
F-Prot 4.4.4.56/20080812 found [W32/Downldr2.DIFW]
F-Secure 7.60.13501.0/20080812 found [Trojan-Spy.Win32.Zbot.dvy]
Fortinet 3.14.0.0/20080812 found nothing
GData 2.0.7306.1023/20080812 found [Trojan-Spy.Win32.Zbot.dvy]
Ikarus T3.1.1.34.0/20080812 found [Win32.Outbreak]
K7AntiVirus 7.10.412/20080812 found nothing
Kaspersky 7.0.0.125/20080812 found [Trojan-Spy.Win32.Zbot.dvy]
McAfee 5358/20080811 found nothing
Microsoft 1.3807/20080812 found [PWS:Win32/Zbot.gen!G]
NOD32v2 3348/20080812 found [Win32/Spy.Agent.PZ]
Norman 5.80.02/20080812 found nothing
Panda 9.0.0.4/20080812 found nothing
PCTools 4.4.2.0/20080812 found nothing
Prevx1 V2/20080812 found nothing
Rising 20.57.12.00/20080812 found nothing
Sophos 4.32.0/20080812 found [Troj/Dloadr-BPX]
Sunbelt 3.1.1542.1/20080812 found [Trojan-Spy.Win32.Zbot.gen (v)]
Symantec 10/20080812 found [Trojan.Wsnpoem]
TheHacker 6.2.96.396/20080812 found nothing
TrendMicro 8.700.0.1004/20080812 found [TROJ_DLOADR.IM]
VBA32 3.12.8.3/20080811 found nothing
ViRobot 2008.8.12.1333/20080812 found nothing
VirusBuster 4.5.11.0/20080811 found nothing
Webwasher-Gateway 6.6.2/20080812 found [Win32.NewMalware.PU!59392]

On Tue, 12 Aug 2008 13:50:11 +0100, The Natural Philosopher
wrote:

I received a suspect mail and sent it off to the virus scan site.
: Subject SCAN. This is what they sent back)

The interesting thing is not that there was a virus the I was almost
sure the was..but how many sites *didn't* find it..

Interesting, but not surprising. Did you read this article
http://resources.zdnet.co.uk/articles/features/0,1000002000,39440184,00.htm:

----- Begin Quote -----

Eva Chen, chief executive of Trend Micro, has strong views about how
effective the antivirus industry has been over the past 20 years.
Show related
articles

According to Chen, the security industry has over-hyped how effective
its products are — and so has been misleading customers — for years.

Chen believes that no single company can offer adequate protection
against the sheer volume of new viruses that are being churned out by
cybercriminals. According to the security industry, five and a half
million new samples were detected in 2007.

----- End Quote -----
--
Martin Jay

The Natural Philosopher wrote:
I received a suspect mail and sent it off to the virus scan site.
: Subject SCAN. This is what they sent back)

The interesting thing is not that there was a virus the I was
almost sure the was..but how many sites *didn't* find it..

Not that surprising really. If it's a new one, I imagine it'll take a few
days before all the companies become aware of it and update their virus
definition files. Probably if you resubmitted it tomorrow, there would be a
far higher detection rate.

At the end of the day, common sense is your first line of defence against
viruses. You'd have to be a real dweeb to imagine that a file with a name
like "WW_671282.zip" attched to an email *wasn't" a virus.

Tim

Tim Downie wrote:
The Natural Philosopher wrote:
I received a suspect mail and sent it off to the virus scan site.
: Subject SCAN. This is what they sent back)

The interesting thing is not that there was a virus the I was
almost sure the was..but how many sites *didn't* find it..

Not that surprising really. If it's a new one, I imagine it'll take a few
days before all the companies become aware of it and update their virus
definition files. Probably if you resubmitted it tomorrow, there would be a
far higher detection rate.

At the end of the day, common sense is your first line of defence against
viruses. You'd have to be a real dweeb to imagine that a file with a name
like "WW_671282.zip" attched to an email *wasn't" a virus.

Tim


trouble is the Dweebs live amongst us ,I am working with 300+
programmers and professionals for a Major credit card company and last
week alone we have had 6 different viruses caused by them opening dodgy
emails or surfing weird sites during lunch breaks

--
Kevin R
Reply address works

"Kevin" wrote in message
...

trouble is the Dweebs live amongst us ,I am working with 300+
programmers and professionals for a Major credit card company and last
week alone we have had 6 different viruses caused by them opening dodgy
emails

I just don't see them. I don't know what virus filtering services my ISP
(34sp) uses but pretty well nothing at all ever gets through.

Look, hardly any email uses actually *want* to receive these viruses, surely
to goodness, so why doesn't *every* ISP just silently dump them by default?

--
Tim Ward
Brett Ward Limited - www.brettward.co.uk

On Tue, 12 Aug 2008 13:50:11 +0100, The Natural Philosopher
wrote:

I received a suspect mail and sent it off to the virus scan site.
: Subject SCAN. This is what they sent back)

I'm surprised it reached there at all...LOL


The interesting thing is not that there was a virus the I was almost
sure the was..but how many sites *didn't* find it..

Tim Downie wrote:
The Natural Philosopher wrote:
I received a suspect mail and sent it off to the virus scan site.
: Subject SCAN. This is what they sent back)

The interesting thing is not that there was a virus the I was
almost sure the was..but how many sites *didn't* find it..

Not that surprising really. If it's a new one, I imagine it'll take a few
days before all the companies become aware of it and update their virus
definition files. Probably if you resubmitted it tomorrow, there would be a
far higher detection rate.

At the end of the day, common sense is your first line of defence against
viruses. You'd have to be a real dweeb to imagine that a file with a name
like "WW_671282.zip" attched to an email *wasn't" a virus.


Oh, I totally agree.

But this is not a particularly new one I think.
Tim

Trouble is, they are designed to look like something else.

I suspect the OP may have received the same or a similar email to the
one I got this morning, which claimed to be from UPS concerning a
package I had posted a month ago. What I presume was a payload
pretended to be some sort of form 'UPS' wanted me to complete, in a
zip. Fortunately, I haven't posted anything via UPS recently, so I
knew straight away it was spam, and killfiled it.

Recently, I have also received spam pretending to be from Microsoft in
conjunction with one of the phone companies, or perhaps it was the
other way round, saying that I had won a draw for Microsoft website
users. As I do have a Microsoft website ID, and Microsoft do have
some form of relationship with that company, this was potentially
quite convincing, especially as I need the money! Nevertheless I
forwarded the letter to the phone company's CS department to ask if it
was genuine. As I had no reply, I eventually presumed it was fake and
killfiled it.

There have been a number of other such recently, but I can't remember
details now. I think one concerned the National Lottery, or Premium
Bonds, or perhaps there was one of each.

AFAICR the one thing they all had in common was that the email address
of the sender didn't appear to be connected with the company being
impersonated. Accordingly I would advise anyone that receives an
unexpected email to check
1) That the sender's email address is from a domain controlled by the
company/ies purporting to be contacting you - in the Microsoft
example, does it actually come from microsoft.com, or the actual phone
company's domain, rather than just a superficially similar domain
name.
2) Try and learn to check out and understand email headers, so you
can get some sort of idea of the route the mail took to reach you.

Anything you are not convinced of, try and obtain local expert advice.

Anything that definitely doesn't add up, leave well alone.

Also emails are sent unencrypted, and can be trawled as they cross the
net. Never give out anything like bank or other such details to
anyone in an email.

I've even had my mobile number trawled like that - when I emailed it
to someone a few months ago, I started to receive porno texts within
24 hours. I contacted both my phone company's CS and some overview
umbrella organisation explaining the illegal way the number must have
been obtained, and the texts stopped without my ever having to reply
to them, or my being charged for them.

On Tue, 12 Aug 2008 15:26:23 +0100, "Tim Ward"
wrote:

Look, hardly any email uses actually *want* to receive these viruses, surely
to goodness, so why doesn't *every* ISP just silently dump them by default?

The Natural Philosopher wrote:

But this is not a particularly new one I think.

Oh the payload attached to the UPS emails has been changing pretty
rapidly, far faster than some AV vendors update their virus
definitions. Once a day doesn't really cut it any more.

The advice not to follow links or open attachments unless you've
confirmed in some way that they are genuine is much more useful.
Especially as the scam ones like this are getting more convincing.

--
http://lnr.livejournal.com/

Tim Ward wrote:
"Kevin" wrote in message
...

trouble is the Dweebs live amongst us ,I am working with 300+
programmers and professionals for a Major credit card company and last
week alone we have had 6 different viruses caused by them opening dodgy
emails

I just don't see them. I don't know what virus filtering services my ISP
(34sp) uses but pretty well nothing at all ever gets through.

Look, hardly any email uses actually *want* to receive these viruses, surely
to goodness, so why doesn't *every* ISP just silently dump them by default?

thats ok if your ISP knows its a virus, how it differentiates between an
unknown virus and your friend emailing you a holiday video Zipped up is
where the problem lies, do you want your ISP to filter out a wanted
emails because it might be a virus?

--
Kevin R
Reply address works