Received: from client-81-105-70-61.popl.adsl.virgin.net [184.108.40.206]
Wed, 31 Oct 2007 16:55:43 -0500
Received: from idqct ([220.127.116.11]) by client-81-105-70-61.popl.adsl.virgin.net with Microsoft SMTPSVC(6.0.3790.0); Wed, 31 Oct 2007 21:54:11 +0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
From: "email@example.com" <firstname.lastname@example.org>
Subject: [TEXT] [SLS] [HDR] [CHAR] Watch him dance
Date: Wed, 31 Oct 2007 16:54:11 -0500
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
Received-SPF: none (domain of email@example.com does not designated permitted sender hosts)
Content-Type: text/plain; charset="us-ascii"
Just a little Halloween fun. http://18.104.22.168/
Figured I'd run the AV scanners through the wringer on halloween.exe and the 'dancing skeleton' to see just how accurate coverage is for this variant.
The results are here, as always, it seems the major vendors (McAfee) fail at detecting it, as usual.