North American Network Operators Group

Virus warning, was: Re: All your NIC handles are belong to us
Hmm, my Norton AV/Win2000 just spit up a warning about the "[email protected]" virus file being detected in the following mail - as a SETUP.pif attachment. Given that it quotes a 6-week old NANOG posting of mine, I am almost sure that I am not the only recipient.

lightreading|agora|thorn copied FYI: you might want to give your user a phone call about this, in case he doesn't read his email on a regular basis or/and if he is blissfully unaware of what's transpiring on his machine.

http://www.symantec.com/avcenter/cgi-bin/virauto.cgi?vid=28772 describes this as a MAPI worm that uses a few more filenames to disguise itself:

Pics.ZIP.scr
images.pif
README.TXT.pif
New_Napster_Site.DOC.scr
news_doc.scr
hamster.ZIP.scr
YOU_are_FAT!.TXT.pif
searchURL.scr
SETUP.pif
Card.pif
Me_nude.AVI.pif
Sorry_about_yesterday.DOC.pif
s3msong.MP3.pif
docs.scr
Humor.TXT.pif
fun.pif

I guess Norton/Symantec can change the "wild" level from "low" to "medium" now.

bye,Kai

> Received: from oboe.agora.com ([199.221.118.30])
>     by conti.nu (8.9.3/8.9.3) with ESMTP id KAA02337
>     for <[email protected]>; Wed, 18 Apr 2001 10:24:28 -0400 (EDT)
> Received-Date: Wed, 18 Apr 2001 10:24:28 -0400 (EDT)
> Received: from maggie2 ([216.213.101.18]) by oboe.agora.com with Microsoft SMTPSVC(5.5.1877.977.9);
>     Wed, 18 Apr 2001 10:20:34 -0400
> Message-ID: <[email protected]>
> From: "Marguerite Reardon" <[email protected]>
> To: <[email protected]>
> Subject: Re: Re: All your NIC handles are belong to us
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
>     boundary="----=_NextPart_000_0197_01C0C7F1.BC7C91A0"
> X-Mailer: Microsoft Outlook Express 5.00.2615.200
> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
> Date: 18 Apr 2001 10:20:34 -0400
> X-UIDL: 55e8d6494df8edb047065b7e1c036c3b
>
> 'Kai Schlichting' wrote:
> ====
> -
> - *knock knock*
> -
> - ALL YOUR NIC HANDLES ARE BELONG TO US.
> -
> - The mystery with posts going to nowhere has re-appeared. No bounces
> - due to NANOG-post. No moderation notice. Nothing.
> - Does Majordomo mind Subjects starting with "OT:" ?
> -
> - Feb 26 18:10:44 sonet sendmail[27445]: SAA27445: from=<[email protected]>, size=2083, class=0, pri=32083, nrcpts=1, msgid=<[email protected]>, bodytype=8BITMIME, proto=ESMTP,
> relay=localhost.conti.nu [127.0.0.1]
> ...'
>> Take a look to the attachment.