Re: maybe this should be on sec focus but.
Date: Fri, 1 Aug 2003 14:27:26 -0400
From: Damian Gerow <damian@sentex.net>
To: "'nanog@merit.edu'" <nanog@merit.edu>
Subject: Re: maybe this should be on sec focus but.
X-GPG-Key-Id: 0xB841F142
X-GPG-Fingerprint: C7C1 E1D1 EC06 7C86 AF7C 57E6 173D 9CF6 B841 F142

Thus spake Drew Weaver (drew.weaver@thenap.com) [01/08/03 14:25]:
> I have had like 4 users call and tell me that they're receiving
> email from admin@ourdomainname with an unidentified attachment, possibly a
> worm that exploits the new Microsoft vulnerability last week, all 4 of these people reported that their updated this morning antivirus software missed it.

The latest NAI definitions catch it as Exploit-Codebase (which I *think* is just a general catchall). We have an open ticket with F-Prot for this, and are currently waiting on updated definitions from them.

- Damian

It seems to come with a message attachment of "message.zip". The body of the message goes something like this:

-----------------------------------------
From: Admin
Sent: Friday, August 01, 2003 11:25 AM
To: <user-ID>
Subject: your account <some-random-string>
Importance: High

Hello there,

I would like to inform you about important information regarding your email address. This email address will be expiring. Please read attachment for details.

---
Best regards,
Administrator <same-random-string-as-in-subject-line>

Attachment seems to be "message.zip"
-----------------------------------------

I would have sent this to the security list, but I got dropped today.

Regards,
Gregory Hicks

---------------------------------------------------------------------
Gregory Hicks | Principal Systems Engineer
Cadence Design Systems | Direct: 408.576.3609
555 River Oaks Pkwy M/S 6B1 | Fax: 408.894.3479
San Jose, CA 95134 | Internet: ghicks@cadence.com

Never attribute to malice that which is adequately explained by ignorance or stupidity.

Asking the wrong questions is the leading cause of wrong answers

"The best we can hope for concerning the people at large is that they be properly armed." --Alexander Hamilton

participants (1): Gregory Hicks
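
The traits reported in this thread (a sender of admin@ the recipient's own domain, a subject of "your account <random-string>", the same string after "Administrator", and an attachment named "message.zip") can be checked at a mail filter. The following is an added example, not part of the original messages; the function names, the example.org addresses and the sample message are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

SUBJECT_RE = re.compile(r"^your account\s+(\S+)\s*$", re.IGNORECASE)

def indicators(raw):
    """Return the set of traits from the thread's description found in raw."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = set()

    # Sender claims to be admin@ the recipient's own domain.
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    rcpt = parseaddr(str(msg.get("To", "")))[1].lower()
    local, _, domain = sender.partition("@")
    if local == "admin" and domain and domain == rcpt.partition("@")[2]:
        hits.add("admin-at-own-domain")

    # Subject "your account <random-string>"; same string after "Administrator".
    m = SUBJECT_RE.match(str(msg.get("Subject", "")))
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    if m:
        hits.add("subject-pattern")
        if re.search(r"Administrator\s+" + re.escape(m.group(1)), body):
            hits.add("token-repeated-in-signature")

    # Attachment named message.zip (name check only; contents are not opened).
    for att in msg.iter_attachments():
        if (att.get_filename() or "").lower() == "message.zip":
            hits.add("message.zip")
    return hits

def build_sample(token="qwertyui", filename="message.zip",
                 sender="Admin <admin@example.org>"):
    """Constructed test message; the attachment is harmless placeholder bytes."""
    m = EmailMessage()
    m["From"], m["To"] = sender, "user@example.org"
    m["Subject"] = "your account " + token
    m.set_content("Hello there,\n(body text)\n---\nBest regards,\n"
                  "Administrator " + token + "\n")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="zip", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(sorted(indicators(build_sample())))
```

A message showing several of these traits together is a stronger signal than any single one, since a sender of admin@ the local domain or a .zip attachment alone also occurs in legitimate mail.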