JMoss
jim.moss at jlmoss.net
Sat Jun 4 02:29:36 CDT 2005
Shamil, It's the worm, MYTOB or a variant, and Trend released their first definition on May 30. See the definition from Trend Micro at http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.B M You can probably clean it using Trend's free tool at http://housecall.trendmicro.com/ Jim -----Original Message----- From: dba-tech-bounces at databaseadvisors.com [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Shamil Salakhetdinov Sent: Saturday, June 04, 2005 1:51 AM To: !dba-Tech Subject: [dba-Tech] New trouble - zip virus? Hi All, Now I've got something suspicious like a virus attachment but my NAV doesn't recognize it as a virus - here is its e-mail header: >From service at smsconsulting.spb.ru Sat Jun 4 01:20:42 2005 Received: from smsconsulting.spb.ru ([67.151.53.66]) by batman.mns.ru with esmtp; Sat, 04 Jun 2005 01:20:39 +0400 id 000149A4.42A0C9A7.000044CA From: service at smsconsulting.spb.ru To: shamil at smsconsulting.spb.ru Subject: *WARNING* Your Email Account Will Be Closed Date: Fri, 3 Jun 2005 14:17:50 -0700 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0009_D44961E9.957809EC" X-Priority: 3 X-MSMail-Priority: Normal X-Spam-Status: Yes, hits=8.3 tagged_above=3.0 required=8.0 tests=BAYES_80, MISSING_MIMEOLE, NO_REAL_NAME, PRIORITY_NO_NAME, UPPERCASE_25_50 X-Spam-Level: ******** X-Spam-Flag: YES WHOIS search didn't give any information on IP address: 67.151.53.66 I used this search Web site: http://www.ripe.net/whois Could you please advise what's the best way to track the source of this suspicious message? Thank you, Shamil _______________________________________________ dba-Tech mailing list dba-Tech at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/dba-tech Website: http://www.databaseadvisors.com