Home page logo

nanog logo nanog mailing list archives

Re: maybe this should be on sec focus but.
From: Patrick_McAllister () WASHGAS COM
Date: Fri, 1 Aug 2003 14:39:55 -0400


                      Forrest Houston                                                                                   
                      <fhouston () east is        To:       Drew Weaver <drew.weaver () thenap com>                     
                      i.edu>                   cc:       "'nanog () merit edu'" <nanog () merit edu>                    
                      Sent by:                 Subject:  Re: maybe this should be on sec focus but.                     
                      owner-nanog () merit                                                                              
                      08/01/2003 02:28                                                                                  

That's funny, I had atleast one person here receive a similar email which
was forwarded on to me.  I ran it through McAfee (4.5.1 engine, 4.0.4280
DAT) and it picked it right up (Trojan Name: Exploit-Code Base
Potentially it's a different incident than what they are talking about but
the admin () domainname and the attachment are similar (it was a zip file
containing an html file [according to the extensions]).


On Fri, 1 Aug 2003, Drew Weaver wrote:

            I have had like 4 users call and tell me that they're
email from admin () ourdomainname with a unidentified attachment, possibly a
worm that exploits the new Microsoft vulnerability last week, all 4 of
people reported that their updated this morning antivirus software missed


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]