[28512] in North American Network Operators' Group


Re: Virus Update

daemon@ATHENA.MIT.EDU (Christian Nielsen)
Thu May 4 13:19:54 2000

Date: Thu, 4 May 2000 11:14:42 -0600 (MDT)
From: Christian Nielsen <cnielsen@nielsen.net>
To: Rodney Joffe <rjoffe@centergate.com>
Cc: "Branden R. Williams" <brw@netvitality.net>, nanog@merit.edu,
	bugtraq@securityfocus.com
In-Reply-To: <Pine.GSO.4.21.0005041018530.14905-100000@matterhorn.nielsen.net>
Message-ID: <Pine.GSO.4.21.0005041111210.15165-100000@matterhorn.nielsen.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu




Hate to follow up on my own email..

.vbs files need to be blocked. not .vsd. 

working with visio the past few days :)

and for those who were hit, you need to remove this file

c.Copy(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")

from your system.

I also see that there are some very nice providers announcing the /24 for
skyinet.net. thanks to them for helping the internet at large.

Christian

On Thu, 4 May 2000, Christian Nielsen wrote:

> 
> 
> Just block .vsd files from coming in. Filter them all at the border (thanks
> msft).
> 
> I guess most of us are running unix based mailers so we don't get to see the
> effects/affects of these great newsworthy viruses. 
> 
> can anyone tell me one time they could not do their job cause they couldn't
> read a .vsd file? 
> 
> If you look at the .vsd file, you see it is very easy to re-do, send some
> other string and on its way it goes to destroy mail servers around the
> world. Without blocking all .vsd files at the border, these DOS attacks will
> flood our emails over the next few weeks.
> 
> just my two cents....
> 
> 
> 
> On Thu, 4 May 2000, Rodney Joffe wrote:
> 
> > 
> > Symantec is unreachable (of course).
> > 
> > Does anyone have any info on patches/fixes etc?
> > 
> > Also, if you use sendmail, there is a patch available for Sendmail 8.9.x
> > ...  doesn't work with 8.10.x - available in the normal places - which
> > will stop the virus at your gateway..
> > 
> > "Branden R. Williams" wrote:
> > > 
> > > On Thu, 4 May 2000, Branden R. Williams wrote:
> > > 
> > > > Should you run it, you will lose any files of the following
> > > > extensions.  They will be renamed to filename.extension.vbs with a fresh
> > > > copy of the replication part.
> > > 
> > > Actually it is a fresh copy of the entire virus.  Sorry for the confusion.
> > > 
> > > Cheers,
> > > 
> > > Branden R. Williams <brw@netvitality.net>
> > > Vice President, Systems - NetVitality, Inc.
> > > http://www.netvitality.net/
> > > Internet Commerce Specialists
> > 
> > -- 
> > Rodney Joffe
> > CenterGate Research Group, LLC.
> > http://www.centergate.com
> > "Technology so advanced, even we don't understand it!"(SM)
> > 
> > 
> 
> 
> 
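
Added example (not part of the original thread, and not the sendmail patch it mentions): a Python check of the kind of gateway filter discussed above, flagging attachments whose final extension is .vbs so that double extensions such as LOVE-LETTER-FOR-YOU.TXT.vbs are caught while .vsd files pass. The function names, addresses and sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

BLOCKED_EXTENSIONS = {".vbs"}  # the extension the post says to block


def final_extension(filename):
    """Return the last extension, lowercased.

    Trailing dots and spaces are dropped first, because Windows ignores
    them when the file is saved ("x.vbs. " ends up as "x.vbs").
    """
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""


def blocked_attachments(raw_message):
    """Return the filenames of MIME parts whose final extension is blocked."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition "filename" and falls
        # back to the Content-Type "name" parameter.
        filename = part.get_filename()
        if filename and final_extension(filename) in BLOCKED_EXTENSIONS:
            hits.append(filename)
    return hits


def build_sample(filename):
    """Constructed sample: a two-part message with a harmless attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"      # constructed address
    msg["To"] = "rcpt@example.com"          # constructed address
    msg["Subject"] = "constructed sample"
    msg.set_content("body text")
    msg.add_attachment(b"harmless placeholder", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for name in ("LOVE-LETTER-FOR-YOU.TXT.vbs", "diagram.vsd"):
        hits = blocked_attachments(build_sample(name))
        print(name, "->", "reject" if hits else "accept")
```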


