Home page logo

nanog logo nanog mailing list archives

Re: maybe this should be on sec focus but.
From: Gregory Hicks <ghicks () cadence com>
Date: Fri, 1 Aug 2003 11:43:10 -0700 (PDT)

It seems to come with a message attachment of "message.zip".

The body of the message goes something like this:
From: Admin 
Sent: Friday, August 01, 2003 11:25 AM
To: <user-ID>
Subject: your account <some-random-string>
Importance: High

Hello there,

I would like to inform you about important information regarding your
email address. This email address will be expiring. Please read
attachment for details.

Best regards, Administrator

Attachment seems to be "message.zip"
I would have sent this to the security list, but I got dropped today.

Gregory Hicks

Date: Fri, 1 Aug 2003 14:27:26 -0400
From: Damian Gerow <damian () sentex net>
To: "'nanog () merit edu'" <nanog () merit edu>
Subject: Re: maybe this should be on sec focus but.
X-GPG-Key-Id: 0xB841F142
X-GPG-Fingerprint: C7C1 E1D1 EC06 7C86 AF7C  57E6 173D 9CF6 B841 F142

Thus spake Drew Weaver (drew.weaver () thenap com) [01/08/03 14:25]:
            I have had like 4 users call and tell me that they're 
email from admin () ourdomainname with a unidentified attachment, 
possibly a
worm that exploits the new Microsoft vulnerability last week, all 4 
of these
people reported that their updated this morning antivirus software 

The latest NAI definitions catch it as Exploit-Codebase (which I 
*think* is
just a general catchall).  We have an open ticket with F-Prot for 
this, and
are currently waiting on updated definitions from them.

  - Damian

Gregory Hicks                           | Principal Systems Engineer
Cadence Design Systems                  | Direct:   408.576.3609
555 River Oaks Pkwy M/S 6B1             | Fax:      408.894.3479
San Jose, CA 95134                      | Internet: ghicks () cadence com

Never attribute to malice that which is adequately explained by
ignorance or stupidity.

Asking the wrong questions is the leading cause of wrong answers

"The best we can hope for concerning the people at large is that they
be properly armed." --Alexander Hamilton

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]