Author Topic: Bafra Virus  (Read 3019 times)


laddepp

  • Guest
Bafra Virus
« on: November 10, 2004, 04:15:18 PM »
http://sophos.com/virusinfo/analyses/w32bofraa.html
http://sophos.com/virusinfo/analyses/w32bofrab.html
http://sophos.com/virusinfo/articles/criticalnov04.html

Is this something that the script blocker would stop, or would the file download and be stopped by Avast?

Eddy

  • Avast Evangelist
Re:Bafra Virus
« Reply #1 on: November 10, 2004, 04:22:18 PM »
That is just another version of MyDoom.

Spyros

  • Guest
Re:Bafra Virus
« Reply #2 on: November 10, 2004, 04:23:32 PM »
I can't tell you which avast module will stop it (although I suspect that the fact that it spreads through e-mails will be covered by the e-mail scanner), but I do know (according to this: http://www.avast.com/eng/viruses/vps_history.html) that it was covered with VPS 0446-0, 09.11.2004.  :)

laddepp

  • Guest
Re:Bofra Virus
« Reply #3 on: November 10, 2004, 05:43:13 PM »
There are a number of differences between this virus and Mydoom. Some AV vendors are calling it Mydoom, others (including Avast) are calling it Bofra (spelled it wrong to begin with)  ;)

At what point does the e-mail scanner catch emails like this? The emails themselves do not contain a virus. They just point to an infected machine's HTTP server, which installs the worm. Is this something Avast's IE "Script Blocker" blocks? For example, if I have Avast and I am stupid enough to click on that link, will the script blocker stop the download right there? I know Avast has protection for the virus itself, but will the script blocker block the download?

I guess this is more of a "how does Avast technology work" question. Thanks!
« Last Edit: November 10, 2004, 05:44:23 PM by laddepp »