1 Reply Latest reply on Jul 31, 2008 10:57 AM by DV27

    spy-agent.bw

      About a week ago users started getting emails saying they were from UPS containing an attachment, a virus no doubt, but VirusScan Enterprise 8.5.0i + AntiSpyware Enterprise with the latest DATs was not picking these up and neither was GroupShield. I sent a sample to McAfee and they sent me an extra.dat along with the following info.

      ups_invoice_978172.e|new detection |spy-agent.bw |Trojan |yes

      On Friday I started getting similar emails about flight tickets, again not being detected. I sent them to McAfee and they sent an extra.dat.

      e-ticket_n7399294_an|new detection |spy-agent.bw |Trojan |yes

      Today I got yet more emails and another extra.dat from McAfee.

      eticket#1721.exe |new detection |spy-agent.bw |Trojan |yes

      I currently have Engine 5200.2160 Dat 5350.

      What is going on? These could be new variants, but surely McAfee should be detecting them. If they issued me an extra.dat today, should the next regular DAT release detect the viruses as detected by the extra.dat?
        • 1. RE: spy-agent.bw
          Hi jbason_2000. Last Thursday we had a user that had contracted this same virus in the same way, a UPS email spoofed through Hotmail. From what we can see, the definition for this variant was released in the Friday DAT.

          In the end we took no chances and blew away the two machines that the user had infected (it had infected his network roaming profile). But before that, the scans we performed of the machines and the server that held the roaming profile detected and removed the virus.

          EDIT: Just to add, we run VS 8.5i with a mixture of patch 4 and 5 with the latest DATs.