|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Virus warning, was: Re: All your NIC handles are belong to us
I dont' want to get onto a "me too" thread but same problem here, to a thread I posted weeks ago Thomas ----- Original Message ----- From: "Kai Schlichting" <[email protected]> To: <[email protected]> Cc: "Marguerite Reardon" <[email protected]>; <[email protected]>; <[email protected]>; <[email protected]>; <[email protected]>; <[email protected]>; <[email protected]> Sent: Wednesday, April 18, 2001 10:56 AM Subject: Virus warning, was: Re: All your NIC handles are belong to us > > Hmm, my Norton AV/Win2000 just spit up a warning about the "[email protected]" virus > file being detected in the following mail - as a SETUP.pif attachment. > Given that it quotes a 6-week old NANOG posting of mine, I am almost sure > that I am not the only recipient. > > lightreading|agora|thorn copied FYI: you might want to give your user a phone call > about this, in case he doesn't read his email on a regular basis or/and if he is > blissfully unaware of what's transpiring on his machine. > > http://www.symantec.com/avcenter/cgi-bin/virauto.cgi?vid=28772 describes this > as a MAPI worm that uses a few more filenames to disguise itself: > > Pics.ZIP.scr > images.pif > README.TXT.pif > New_Napster_Site.DOC.scr > news_doc.scr > hamster.ZIP.scr > YOU_are_FAT!.TXT.pif > searchURL.scr > SETUP.pif > Card.pif > Me_nude.AVI.pif > Sorry_about_yesterday.DOC.pif > s3msong.MP3.pif > docs.scr > Humor.TXT.pif > fun.pif > > > I guess Norton/Symantec can change the "wild" level from "low" to "medium" now. > > bye,Kai > > > > Received: from oboe.agora.com ([199.221.118.30]) > > by conti.nu (8.9.3/8.9.3) with ESMTP id KAA02337 > > for <[email protected]>; Wed, 18 Apr 2001 10:24:28 -0400 (EDT) > > Received-Date: Wed, 18 Apr 2001 10:24:28 -0400 (EDT) > > Received: from maggie2 ([216.213.101.18]) by oboe.agora.com with Microsoft SMTPSVC(5.5.1877.977.9); > > Wed, 18 Apr 2001 10:20:34 -0400 > > Message-ID: <[email protected]> > > From: "Marguerite Reardon" <[email protected]> > > To: <[email protected]> > > Subject: Re: Re: All your NIC handles are belong to us > > MIME-Version: 1.0 > > Content-Type: multipart/mixed; > > boundary="----=_NextPart_000_0197_01C0C7F1.BC7C91A0" > > X-Mailer: Microsoft Outlook Express 5.00.2615.200 > > X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200 > > Date: 18 Apr 2001 10:20:34 -0400 > > X-UIDL: 55e8d6494df8edb047065b7e1c036c3b > > > 'Kai Schlichting' wrote: > > ==== > > - > > - *knock knock* > > - > > - ALL YOUR NIC HANDLES ARE BELONG TO US. > > - > > - The mystery with posts going to nowhere has re-appeared. No bounces > > - due to NANOG-post. No moderation notice. Nothing. > > - Does Majordomo mind Subjects starting with "OT:" ? > > - > > - Feb 26 18:10:44 sonet sendmail[27445]: SAA27445: from=<[email protected]>, size=2083, class=0, pri=32083, nrcpts=1, msgid=<[email protected]>, bodytype=8BITMIME, proto=ESMTP, > > relay=localhost.conti.nu [127.0.0.1] > > ...' > > > >> Take a look to the attachment. > > >
|