Question:
I got email today from a person I do not know. Examination of the IP
address in the headers indicates it actually came from someone that I
DO know. Classic email virus behavior.
It came with an attachment named
immigration letter.doc.exe
and had subject line
Subject: RE: Mark Olm : My October 25, 2002 E-Mail
which is a file of length 13370 bytes.
It is not detected as a virus by the latest Norton antivirus defs.
I submitted it to SARC. Odd that it was not recognized by Norton.
Is anyone familiar with this one? How could this be new?
Answer:
Did you try one of the online AV services, like Housecall @ trend
micro?
Exactly right
I manually submitted the file to SARC. I got a response that the file
is corrupt, and not executable.
What happens, in fact, is that when you send a sample to the SARC your mail
and its attachment are received by a robot which runs the same defs files
as your version of Norton (assuming you are up-to-date). Consequently the
SARC replies with the same thing as your own AV. I must recognise that it is the
stupidest support I've ever seen.
Years ago there were ways to submit samples to the actual lab.
Unfortunately, since they have redesigned their site, I've been unable to
retrieve the appropriate page.
I've just found this article dated August 2000
http://securityresponse.symantec.com/avcenter/reference/newsletter/Au...
(look at the bottom: Send virus samples to: avsub...@symantec.com). No idea
if this is still valid.
I apologize for not being more precise.
Gad. Are you serious? Why would they do that? That is incredibly
stupid!
I would think their business would be to detect and analyze new
viruses that are submitted by US. For free! I would only submit
something to them to be helpful. If they don't actually do anything
with those submissions that is crazy.