Virus warning, was: Re: All your NIC handles are belong to us
Hmm, my Norton AV/Win2000 just spit up a warning about the "W32.Badtrans.13312@mm" virus file being detected in the following mail - as a SETUP.pif attachment. Given that it quotes a 6-week old NANOG posting of mine, I am almost sure that I am not the only recipient.
lightreading|agora|thorn copied FYI: you might want to give your user a phone call about this, in case he doesn't read his email on a regular basis or/and if he is blissfully unaware of what's transpiring on his machine.
http://www.symantec.com/avcenter/cgi-bin/virauto.cgi?vid=28772 describes this as a MAPI worm that uses a few more filenames to disguise itself:
Pics.ZIP.scr images.pif README.TXT.pif New_Napster_Site.DOC.scr news_doc.scr hamster.ZIP.scr YOU_are_FAT!.TXT.pif searchURL.scr SETUP.pif Card.pif Me_nude.AVI.pif Sorry_about_yesterday.DOC.pif s3msong.MP3.pif docs.scr Humor.TXT.pif fun.pif
I guess Norton/Symantec can change the "wild" level from "low" to "medium" now.
bye,Kai
Received: from oboe.agora.com ([199.221.118.30]) by conti.nu (8.9.3/8.9.3) with ESMTP id KAA02337 for <kai@pac-rim.net>; Wed, 18 Apr 2001 10:24:28 -0400 (EDT)
Received-Date: Wed, 18 Apr 2001 10:24:28 -0400 (EDT)
Received: from maggie2 ([216.213.101.18]) by oboe.agora.com with Microsoft SMTPSVC(5.5.1877.977.9); Wed, 18 Apr 2001 10:20:34 -0400
Message-ID: <019a01c0c813$43afc360$0c01a8c0@ltread.org>
From: "Marguerite Reardon" <reardon@lightreading.com>
To: <kai@pac-rim.net>
Subject: Re: Re: All your NIC handles are belong to us
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0197_01C0C7F1.BC7C91A0"
X-Mailer: Microsoft Outlook Express 5.00.2615.200
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
Date: 18 Apr 2001 10:20:34 -0400
X-UIDL: 55e8d6494df8edb047065b7e1c036c3b
'Kai Schlichting' wrote:
====
-
- *knock knock*
-
- ALL YOUR NIC HANDLES ARE BELONG TO US.
-
- The mystery with posts going to nowhere has re-appeared. No bounces
- due to NANOG-post. No moderation notice. Nothing.
- Does Majordomo mind Subjects starting with "OT:" ?
-
- Feb 26 18:10:44 sonet sendmail[27445]: SAA27445: from=<kai@pac-rim.net>, size=2083, class=0, pri=32083, nrcpts=1, msgid=<6669287802.20010226180952@conti.nu>, bodytype=8BITMIME, proto=ESMTP, relay=localhost.conti.nu [127.0.0.1] ...'
Take a look to the attachment.
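A mail-gateway style check for the filename disguise described in the message above, as an added example that is not part of the original thread: it parses a MIME message with Python's standard `email` package and flags attachments whose final extension Windows runs directly, marking names such as README.TXT.pif where a document-like extension sits in front of it. The extension sets, function names and the sample message are constructed for illustration.

```python
from email import message_from_string, policy

# Final extensions Windows runs directly; every name in the thread ends in .pif or .scr.
EXECUTABLE_EXTS = {"pif", "scr", "exe", "com", "bat", "cmd", "vbs", "js", "lnk"}
# Inner "decoy" extensions that make a name look like a document, archive or media file.
DECOY_EXTS = {"txt", "doc", "zip", "avi", "mp3", "jpg", "gif", "pdf"}

def classify_filename(name):
    """Return 'disguised', 'executable' or 'ok' for an attachment filename."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    parts = name.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "disguised"   # e.g. README.TXT.pif
    return "executable"      # e.g. SETUP.pif

def scan_message(raw):
    """Return [(filename, verdict)] for each flagged attachment in a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    names = [part.get_filename() for part in msg.walk()]
    scored = [(n, classify_filename(n)) for n in names if n]
    return [(n, v) for n, v in scored if v != "ok"]

# Constructed sample message (assumption): same shape as the mail in the thread,
# with a harmless text placeholder where the attachment body would be.
SAMPLE = """\
From: sender@example.com
Subject: Re: Re: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B0"

--B0
Content-Type: text/plain

Take a look to the attachment.
--B0
Content-Type: application/octet-stream; name="README.TXT.pif"
Content-Disposition: attachment; filename="README.TXT.pif"

(constructed placeholder, not a real payload)
--B0
Content-Type: text/plain
Content-Disposition: attachment; filename="notes.txt"

harmless
--B0--
"""

if __name__ == "__main__":
    for name, verdict in scan_message(SAMPLE):
        print(f"{verdict}: {name}")
```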
I can confirm at least 2 others (including myself) having received the message. I sent off a note to Marguerite Reardon saying I neither have Windows, nor do I run attachments from strangers. Mine was fun.pif, and was Windows executable.
Yes, I received two of these.. It appears that someone scarfed the nanog archives and spammed from them as both subject messages were replies to posts I made weeks ago.
*sigh*
On Wed, Apr 18, 2001 at 11:16:34AM -0400, Stephen Griffin wrote:
I can confirm at least 2 others (including myself) having received the message. I sent off a note to Marguerite Reardon saying I neither have Windows, nor do I run attachments from strangers.
Mine was fun.pif, and was Windows executable.
On Wed, 18 Apr 2001, Stephen Griffin wrote:
I can confirm at least 2 others (including myself) having received the message. I sent off a note to Marguerite Reardon saying I neither have Windows, nor do I run attachments from strangers.
Mine was fun.pif, and was Windows executable.
Notch up one more. It was "Me_nude.AVI.pif" in my case.
---
John Fraizer
EnterZone, Inc
I don't want to get onto a "me too" thread but same problem here, to a thread I posted weeks ago
Thomas
----- Original Message -----
From: "Kai Schlichting" <kai@pac-rim.net>
To: <nanog@merit.edu>
Cc: "Marguerite Reardon" <reardon@lightreading.com>; <postmaster@lightreading.com>; <abuse@lightreading.com>; <postmaster@agora.com>; <abuse@agora.com>; <postmaster@thorn.net>; <abuse@thorn.net>
Sent: Wednesday, April 18, 2001 10:56 AM
Subject: Virus warning, was: Re: All your NIC handles are belong to us
Hmm, my Norton AV/Win2000 just spit up a warning about the "W32.Badtrans.13312@mm" virus file being detected in the following mail - as a SETUP.pif attachment. Given that it quotes a 6-week old NANOG posting of mine, I am almost sure that I am not the only recipient.
lightreading|agora|thorn copied FYI: you might want to give your user a phone call about this, in case he doesn't read his email on a regular basis or/and if he is blissfully unaware of what's transpiring on his machine.
http://www.symantec.com/avcenter/cgi-bin/virauto.cgi?vid=28772 describes this as a MAPI worm that uses a few more filenames to disguise itself:
Pics.ZIP.scr images.pif README.TXT.pif New_Napster_Site.DOC.scr news_doc.scr hamster.ZIP.scr YOU_are_FAT!.TXT.pif searchURL.scr SETUP.pif Card.pif Me_nude.AVI.pif Sorry_about_yesterday.DOC.pif s3msong.MP3.pif docs.scr Humor.TXT.pif fun.pif
I guess Norton/Symantec can change the "wild" level from "low" to "medium" now.
bye,Kai
Received: from oboe.agora.com ([199.221.118.30]) by conti.nu (8.9.3/8.9.3) with ESMTP id KAA02337 for <kai@pac-rim.net>; Wed, 18 Apr 2001 10:24:28 -0400 (EDT)
Received-Date: Wed, 18 Apr 2001 10:24:28 -0400 (EDT)
Received: from maggie2 ([216.213.101.18]) by oboe.agora.com with Microsoft SMTPSVC(5.5.1877.977.9); Wed, 18 Apr 2001 10:20:34 -0400
Message-ID: <019a01c0c813$43afc360$0c01a8c0@ltread.org>
From: "Marguerite Reardon" <reardon@lightreading.com>
To: <kai@pac-rim.net>
Subject: Re: Re: All your NIC handles are belong to us
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0197_01C0C7F1.BC7C91A0"
X-Mailer: Microsoft Outlook Express 5.00.2615.200
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
Date: 18 Apr 2001 10:20:34 -0400
X-UIDL: 55e8d6494df8edb047065b7e1c036c3b
'Kai Schlichting' wrote:
====
-
- *knock knock*
-
- ALL YOUR NIC HANDLES ARE BELONG TO US.
-
- The mystery with posts going to nowhere has re-appeared. No bounces
- due to NANOG-post. No moderation notice. Nothing.
- Does Majordomo mind Subjects starting with "OT:" ?
-
- Feb 26 18:10:44 sonet sendmail[27445]: SAA27445: from=<kai@pac-rim.net>, size=2083, class=0, pri=32083, nrcpts=1, msgid=<6669287802.20010226180952@conti.nu>, bodytype=8BITMIME, proto=ESMTP, relay=localhost.conti.nu [127.0.0.1] ...'
Take a look to the attachment.
participants (5)
- John Fraizer
- Kai Schlichting
- Stephen Griffin
- Thomas Kernen
- Wayne Bouchard