Author Topic: Avast does not detect MYTOB.CF Worm  (Read 4268 times)

0 Members and 1 Guest are viewing this topic.

afragnicht

  • Guest
Avast does not detect MYTOB.CF Worm
« on: May 09, 2005, 08:07:11 AM »
Hello,

I am experiencing the fact that avast Professional does not detect mytob.cf Worm. Avast works in Proxy Mode. The worm is detected by the antivir Mailgate Proxy which works on our second Mailgateway.

Here are some Headers and a Part of the message Body:
Sender and recipient are faked (as ususal).

================== snip ============================
From: promotion5@amazon.de
To: matt@yyyy-zzzz.de
Subject: Status
Date: Thu, 5 May 2005 21:54:46 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
   boundary="----=_NextPart_000_0013_FDA93145.A0ADBDAE"
X-Priority: 3
X-MSMail-Priority: Normal
Message-ID: <0MKqIe-1DTmQo1ExZ-0006Il@mxeu3.kundenserver.de>
X-RBL-Warning: warn.bl.kundenserver.de says:
X-UIDL: AP\!!CHP"!#(C"!4Kc"!
Status: U
X-Antivirus: avast! (VPS 0518-3, 04.05.2005), Inbound message
X-Antivirus-Status: Clean

This is a multi-part message in MIME format.

------=_NextPart_000_0013_FDA93145.A0ADBDAE
Content-Type: text/plain;
   charset="Windows-1252"
Content-Transfer-Encoding: 7bit

&¦%3müâ<4YZíÆá&#152;5&#154;#v¼¢ ¡|ûøný4¢z%wLt;ñ<]mñÍ~ñ®z/Do&#134; ÍMýþ¸&#139;þ)_äâmøÍb£&#139;&#159;(??,&#152;±Mö&#145;_¡ÔAb28/0;/ÛNýèØ*&#148;ìC1±LìR«Y&#130;¿KºD§Þ`]&#140;^ÃjKH&#152;¯Eè~6ò£¾Ç|\Ä-vwpÍ7îÕÃð&#153;,&#159;¢aH²£ù¹äߧ&#136;J¹!n&#135;/'mûc&#149;1觐)Ï8i­nø&#153;&#152;îÚ&#148;
Õð¦©ûȏg7.}f4WMº&#147;<Ô/.r&#156;ÀqókS×Ð/ë\Ä]È_Ð
ùþÓ¦ö:ZvªÌZìj~r&#152;­42S'/v¯QZ&#150;p¹îÞÅ2V&#139;1&#158;&#139;&#148;9&#139;ó.c
iÒÜØ¥NñvÃiÂÌ&#137;ðbÌ÷R¢S_òöUÈdÍÌm0õ&#158;ª2èïi¼.zw'&#146;½&}&#159;ûßm#52¬Í1Trµú&#154;ûÓ^þæ§^Lp&#150;c&#149;©æÏsðyK&#158;¶&#130;8n&#149;`<0¸&#158;&#155;ë&#137;òº*&#131;Äø&#131;äÛI&#147;òéÞxöç$ÏÛÕÌOuyûµ¼ç¨:_qÆO<Z­K&#155;&#142;h-àþ~íÏæRöB~±¤¸kà­Ä³®8ª&#153;C&#142;G&#148;Ý&#155;Êòc&f oÙü;[Ú¸-Æ«ôX&#156;paSSø¿»¦f}.)2ûí¸Á©wsx Áp&#152;ÅWaz>¬Ê³&#132;m&#155;&#155;¹Óv_ó&Íü2&#140;


------=_NextPart_000_0013_FDA93145.A0ADBDAE
Content-Type: application/octet-stream;
   name="data.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
   filename="data.zip"

UEsDBAoAAAAAANeepTL7peAozrkAAM65AABSAAAAZGF0YS50eHQgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLnNjck1a

========================== snap =====================

If you need something for analysis: I have many of them.

Greetings Andreas

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11831
    • AVAST Software
Re: Avast does not detect MYTOB.CF Worm
« Reply #1 on: May 09, 2005, 10:55:44 AM »
I suggest to update the virus database - the latest one is 0518-5.

afragnicht

  • Guest
Re: Avast does not detect MYTOB.CF Worm
« Reply #2 on: May 09, 2005, 03:44:18 PM »
On this system the database ist updated regulary because the system is nearly "always on"

We have the Version you mentionedm above. The Virus was detected b  antivir from May 1. to May 8. 2005.

At the moment there are no new attacs from this virus. - But the night will come.

look:


=================== snip ===============================
From: hexenmouse@web.de
To: afragnicht@xx-yyy.de
Subject:
Date: Sun, 8 May 2005 19:49:45 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
   boundary="----=_NextPart_000_0000_AFEFC023.8CDD2AB7"
X-Priority: 3
X-MSMail-Priority: Normal
Message-ID: <0MKqlY-1DUpuS3sSz-0006mR@mxeu4.kundenserver.de>
X-RBL-Warning: warn.bl.kundenserver.de says:
X-UIDL: 2$@!!<W["!^h1"!!6Y"!
Status: U
X-Antivirus: avast! (VPS 0518-5, 08.05.2005), Inbound message
X-Antivirus-Status: Clean

This is a multi-part message in MIME format.

------=_NextPart_000_0000_AFEFC023.8CDD2AB7
Content-Type: text/plain;
   charset="Windows-1252"
Content-Transfer-Encoding: 7bit

Here are your banks documents.


------=_NextPart_000_0000_AFEFC023.8CDD2AB7
Content-Type: application/octet-stream;
   name="file.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
   filename="file.zip"

UEsDBAoAAAAAADaOqDL7peAozrkAAM65AAAIAAAAZmlsZS5waWZNWktFUk5FTDMyLkRMTAAAUEUA
AEwBAgBVcGFja0J5RHdpbmfgAA8BCwEAAAACAAAAAAAA
============================= snap ===========================

« Last Edit: May 09, 2005, 03:47:53 PM by afragnicht »

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11831
    • AVAST Software
Re: Avast does not detect MYTOB.CF Worm
« Reply #3 on: May 09, 2005, 04:20:10 PM »
If you receive any undetected virus, send it to virus@avast.com, please.

afragnicht

  • Guest
Re: Avast does not detect MYTOB.CF Worm
« Reply #4 on: May 09, 2005, 04:44:54 PM »
Is there ab PGP Key for virus@avast.com, so that I can encrypt the virus?
The public keyserver says there isn't.
My system does not like to send known viruses.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88180
  • No support PMs thanks
Re: Avast does not detect MYTOB.CF Worm
« Reply #5 on: May 09, 2005, 04:54:16 PM »
Just zip and password (virus will do) protect the suspect file and put the password in the body of the email.
Give a brief outline of the problem in the body of the email.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.9.6082 (build 23.9.8494.792) UI 1.0.781/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security