|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: New virus
I got a copy from someone on Videotron just a short while ago: Return-Path: <[email protected]> Received: from modemcable100.179-201-24.mtl.mc.videotron.ca ([24.201.179.100]) by fep02-mail.bloor.is.net.cable.rogers.com (InterMail vM.5.01.05.12 201-253-122-126-112-20020820) with SMTP id <20[email protected]modem cable100.179-201-24.mtl.mc.videotron.ca> for <[email protected]>; Tue, 7 Oct 2003 22:17:01 -0400 Message-ID: <[email protected]> Date: Tue, 7 Oct 2003 19:21:59 -0700 From: <[email protected]> Subject: Last Update. To: <[email protected]> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----------9D16FAF1684605E" -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Andrew Fried Sent: October 7, 2003 8:16 AM To: [email protected] Subject: New virus I just received an email proporting to be from Symantec that contained an anti-virus signature update. The message originated in the Netherlands. The attachment has been submitted to Symantec and FortiNet for review, however, I thought the community might want a heads up since I do not know the degree to which this has been distributed. The full content of the message I received is below: X-Persona: <CIS> Return-Path: <[email protected]> X-Original-To: [email protected] Delivered-To: [email protected] Received: from node0938.a2000.nl (node0938.a2000.nl [62.108.9.56]) by mailserver.cis.fed.gov (Postfix) with SMTP id 22868FD52 for <[email protected]>; Tue, 7 Oct 2003 06:22:19 -0400 (EDT) Message-ID: <[email protected]> Date: Tue, 7 Oct 2003 03:26:29 -0700 From: <[email protected]> Subject: Last Update. To: <[email protected]> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----------9D16FAF1684605E" X-UIDL: G]m!!l"d"!b\E"!\]5"! October 06, 2003 Intruder Alert 4.1 W32_Webb_Worm Policy This policy detects the propagation of the W32.SobigF.Worm through changes in the registry. [email protected] is a mass-mailing, network-aware worm that sends itself to all the email addresses it finds in various files. The worm uses its own SMTP engine to propagate and attempts to create a copy of itself on accessible network shares, but fails due to bugs in the code. In attachment you can find program that update your Norton Antivirus to Norton Antivirus 2004. [nav32.zip] Scanned by evaliation version of Dr.Web antivirus Daemon http://drweb.ru/unix/
|