FYI: Avert Labs Dat Release Notification: 4915 Emergency Dat Files Release

The 4915 dat files have been released early as a precaution for
Exploit-MSWord.b,
http://vil.mcafeesecurity.com/vil/content/v_141056.htm

The various 4915 dat file packages can be found at
http://www.mcafee.com/apps/downloads/security_updates/dat.asp

Best Regards,

McAfee Avert Labs - Come visit our Blog -
http://www.avertlabs.com/research/blog/

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: FYI: Avert Labs Dat Release Notification: 4915 Emergency Dat Files Release

On Sun, 10 Dec 2006 13:26:14 GMT, "David H. Lipman"

David, this is old news now but I happened to visit F-Secure's
blog the other day where I noticed their discussion of an
unpatched vulnerability in many MS Office apps which this
McAfee update may be related to:
http://www.f-secure.com/weblog/
I just checked, and the discussion and warning is still there
for anyone interested.

The real reason I post though is on a different subject.
Twice now in the past few days I've been bombarded
with emails from McAfee Avert Labs concerning malware
sample submissions that I haven't made :) How does this
happen, I wonder? They all look legit and "real" to me.
How is it that a "confusion of sender" situation arises
when someone submits samples? At least that's all I
can make out of it ... that someone is sending samples
and the responses from Avert are sent to me.

Is this a situation where a person infested with some
"confusion of sender" worm or other malware on his
machine is submitting samples? Anyone else ever seen
this particular kind of mis-mailings (from av vendors?)

Art
http://home.epix.net/~artnpeg

Re: FYI: Avert Labs Dat Release Notification: 4915 Emergency Dat Files Release


|
| David, this is old news now but I happened to visit F-Secure's
| blog the other day where I noticed their discussion of an
| unpatched vulnerability in many MS Office apps which this
| McAfee update may be related to:
| http://www.f-secure.com/weblog/
| I just checked, and the discussion and warning is still there
| for anyone interested.
|
| The real reason I post though is on a different subject.
| Twice now in the past few days I've been bombarded
| with emails from McAfee Avert Labs concerning malware
| sample submissions that I haven't made :) How does this
| happen, I wonder? They all look legit and "real" to me.
| How is it that a "confusion of sender" situation arises
| when someone submits samples? At least that's all I
| can make out of it ... that someone is sending samples
| and the responses from Avert are sent to me.
|
| Is this a situation where a person infested with some
| "confusion of sender" worm or other malware on his
| machine is submitting samples? Anyone else ever seen
| this particular kind of mis-mailings (from av vendors?)
|
| Art
| http://home.epix.net/~artnpeg

Please send me one of those alleged emails from McAfee with Full Headers and
Body.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: FYI: Avert Labs Dat Release Notification: 4915 Emergency Dat Files Release

On Tue, 12 Dec 2006 21:49:30 GMT, "David H. Lipman"

I forwarded four that I hadn't yet fully trashed. Let me know if you
receive them, and also if the headers and messages are all intact.
If not, I can probably do copy and paste of them. I use T-bird which
does allow me to view the headers, so I should be able to copy
them somehow if necessary.

Art
http://home.epix.net/~artnpeg

Re: FYI: Avert Labs Dat Release Notification: 4915 Emergency Dat Files Release


| On Tue, 12 Dec 2006 21:49:30 GMT, "David H. Lipman"
|
| I forwarded four that I hadn't yet fully trashed. Let me know if you
| receive them, and also if the headers and messages are all intact.
| If not, I can probably do copy and paste of them. I use T-bird which
| does allow me to view the headers, so I should be able to copy
| them somehow if necessary.
|
| Art
| http://home.epix.net/~artnpeg

Received and replied to.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: FYI: Avert Labs Dat Release Notification: 4915 Emergency Dat Files Release

"Art" wrote:

Probably a spammer forged your address in the "From", and spammed the
virus submission address.

I get this "backscatter" every day as rejection messages from ISP's,
out of office replies, mailing list confirmations, etc. for mail I
never sent. In my case, it's always a spammer who has forged my
address as the sender. I've not yet had one from an AV company.



Re: FYI: Avert Labs Dat Release Notification: 4915 Emergency Dat Files Release


I don't get it. What's in it for the spammer?

I receive a relatively small amount of misdirected mailings. Of these,
a few seem to be due to my email addy being in an infested
machine. Other misdirected mailings are a mystery to me.  Again, I
don't understand why you blame this on spammers. Is there
a type of "spammer" who just plays games for the helluvit with no
financial reward as the purpose? Doesn't make sense to me. What
am I missing?

Art
http://home.epix.net/~artnpeg

 

Re: FYI: Avert Labs Dat Release Notification: 4915 Emergency Dat Files Release

"Art" wrote:

Spammers don't use their own email address as the sender. They have
a "millions" CD full of addresses scraped from the Internet (or
guessed, using common, or not so common, "names@" combined with known
domains) to be used as spam targets; i.e. the "To" fields. Rather than
invent their own "From" fields, it's easier for them to use the ones
on their list as the bogus senders.

More likely a spammer or malware distributer is in control of that
machine, and your address is on his list (perhaps scraped from the
address book of the trojaned machine, and used in the spew as the
"From").

It's straightforward and very common. A spammer spams an address (not
yours) for which mail is accepted during the SMTP transaction but
rejected or auto-responded to later, for whatever reason. Your address
has been used as the fake sender, so you get mail.
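
[Added example, not part of the original thread or any poster's message.] A header check for the backscatter case described above: given an auto-response with the original attached, it tests whether that original ever passed through the recipient's own outbound relay. The addresses, host names, sample message and the `classify` function are constructed for illustration.

```python
import email
from email import policy

# Constructed sample: a bounce delivered to art@example.net for mail he never sent.
SAMPLE = """\
Return-Path: <>
From: MAILER-DAEMON@mx.vendor.example
To: art@example.net
Subject: Undelivered Mail Returned to Sender
Auto-Submitted: auto-replied
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to nobody@vendor.example failed.

--b1
Content-Type: message/rfc822

Received: from host7.isp.example ([203.0.113.7]) by mx.vendor.example; Tue, 12 Dec 2006 10:00:00 +0000
From: art@example.net
To: nobody@vendor.example
Message-ID: <abc123@host7.isp.example>

body
--b1--
"""

def classify(raw, my_address, my_relays):
    """Return 'not-auto-response', 'backscatter', 'genuine-bounce' or 'unknown'."""
    msg = email.message_from_string(raw, policy=policy.default)
    auto = (msg.get("Return-Path", "").strip() == "<>"
            or msg.get("Auto-Submitted", "no").lower() != "no"
            or msg.get_content_type() == "multipart/report")
    if not auto:
        return "not-auto-response"
    # Bounces usually attach the original message as message/rfc822.
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            orig = part.get_payload(0)
            break
    else:
        return "unknown"  # no original attached; headers alone cannot decide
    if my_address.lower() not in str(orig.get("From", "")).lower():
        return "unknown"  # the original does not claim to be from us
    # Mail we really sent would show a Received hop from one of our own relays.
    hops = " ".join(str(h) for h in orig.get_all("Received", [])).lower()
    return "genuine-bounce" if any(r.lower() in hops for r in my_relays) else "backscatter"
```

The relay test is a plain substring match on the attached original's Received lines, which is enough for triage but not proof, since the content of the attachment is whatever the bouncing server chose to include.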


