Hmmmm

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Got a standard "message cannot be delievered" in my inbox along with an
attachment, so it was off to see if I had a backdoored malware awaiting
me.

The reason for the bounce back:
  Reason: LMTP transmission failure has occurred
  Diagnostic code: smtp;522 5.2.0 Delivery failed: Over quota

As to the attachment:
++++ Attachment: No Virus found
++++ Norton AntiVirus - www.symantec.de

Bzzzzzz - wrong.   Standard Netsky variant - 100% catch rate from
virustotal.

Either Norton really goofed or the client hasn't updated the virus
def's for the last few years LOL.

Snip from virustotal:
AntiVir    7.2.0.49    12.06.2006    Worm/NetSky.P
Authentium    4.93.8    12.05.2006    W32/Netsky.P@mm
Avast    4.7.892.0    12.06.2006    Win32:Netsky-AF
AVG    386    12.06.2006    I-Worm/Netsky.Q


Re: Hmmmm

Am Wed, 06 Dec 2006 09:46:51 -0800 schrieb Duh_OZ:

[Got fake bounce message]
Quoted text here. Click to load it

I don't think so. Netsky itself puts that fake AV signature into its fake
bounce messages. See for example this Kaspersky description and scroll
down to "Message body":
http://www.viruslist.com/en/viruses/encyclopedia?virusid=64413

There it says:
"+++ Attachment: No Virus found
+++ MC-Afee AntiVirus - www.mcafee.com"

That's one or better *the* reason why any "No virus found" signature
being put into e-mails by several AV apps are completeley useless.
 
Gabriela

Re: Hmmmm

Gabriela Salvisberg wrote:
Quoted text here. Click to load it
===========
I'll be darned - first time I recieved one of those.

Thanx for the explanation.


Re: Hmmmm


Quoted text here. Click to load it
It certainly won't be the last if you don't hurry up and munge your email
address!



Site Timeline