Hmmmm

D

Duh_OZ

Got a standard "message cannot be delievered" in my inbox along with an
attachment, so it was off to see if I had a backdoored malware awaiting
me.

The reason for the bounce back:
Reason: LMTP transmission failure has occurred
Diagnostic code: smtp;522 5.2.0 Delivery failed: Over quota

As to the attachment:
++++ Attachment: No Virus found
++++ Norton AntiVirus - www.symantec.de

Bzzzzzz - wrong. Standard Netsky variant - 100% catch rate from
virustotal.

Either Norton really goofed or the client hasn't updated the virus
def's for the last few years LOL.

Snip from virustotal:
AntiVir 7.2.0.49 12.06.2006 Worm/NetSky.P
Authentium 4.93.8 12.05.2006 W32/Netsky.P@mm
Avast 4.7.892.0 12.06.2006 Win32:Netsky-AF
AVG 386 12.06.2006 I-Worm/Netsky.Q
 
G

Gabriela Salvisberg

Am Wed, 06 Dec 2006 09:46:51 -0800 schrieb Duh_OZ:

[Got fake bounce message]
As to the attachment:
++++ Attachment: No Virus found
++++ Norton AntiVirus - www.symantec.de

Bzzzzzz - wrong. Standard Netsky variant - 100% catch rate from
virustotal.

Either Norton really goofed or the client hasn't updated the virus
def's for the last few years LOL.
Click to expand...

I don't think so. Netsky itself puts that fake AV signature into its fake
bounce messages. See for example this Kaspersky description and scroll
down to "Message body":
http://www.viruslist.com/en/viruses/encyclopedia?virusid=64413

There it says:
"+++ Attachment: No Virus found
+++ MC-Afee AntiVirus - www.mcafee.com"

That's one or better *the* reason why any "No virus found" signature
being put into e-mails by several AV apps are completeley useless.

Gabriela
 
D

Duh_OZ

Gabriela said:
Am Wed, 06 Dec 2006 09:46:51 -0800 schrieb Duh_OZ:

[Got fake bounce message]
As to the attachment:
++++ Attachment: No Virus found
++++ Norton AntiVirus - www.symantec.de

Bzzzzzz - wrong. Standard Netsky variant - 100% catch rate from
virustotal.

Either Norton really goofed or the client hasn't updated the virus
def's for the last few years LOL.
Click to expand...

I don't think so. Netsky itself puts that fake AV signature into its fake
bounce messages. See for example this Kaspersky description and scroll
down to "Message body":
http://www.viruslist.com/en/viruses/encyclopedia?virusid=64413

There it says:
"+++ Attachment: No Virus found
+++ MC-Afee AntiVirus - www.mcafee.com"

That's one or better *the* reason why any "No virus found" signature
being put into e-mails by several AV apps are completeley useless.

Gabriela
Click to expand...
===========
I'll be darned - first time I recieved one of those.

Thanx for the explanation.
 
Top