[60130] in North American Network Operators' Group
Re: maybe this should be on sec focus but.
daemon@ATHENA.MIT.EDU (Damian Gerow)
Fri Aug 1 14:28:17 2003
Date: Fri, 1 Aug 2003 14:27:26 -0400
From: Damian Gerow <damian@sentex.net>
To: "'nanog@merit.edu'" <nanog@merit.edu>
Mail-Followup-To: "'nanog@merit.edu'" <nanog@merit.edu>
In-Reply-To: <75634F04BFCFD511BF69009027DC86497D1885@mailman.thenap.com>
Errors-To: owner-nanog-outgoing@merit.edu
Thus spake Drew Weaver (drew.weaver@thenap.com) [01/08/03 14:25]:
> I have had like 4 users call and tell me that they're receiving
> email from admin@ourdomainname with a unidentified attachment, possibly a
> worm that exploits the new Microsoft vulnerability last week, all 4 of these
> people reported that their updated this morning antivirus software missed
> it.
The latest NAI definitions catch it as Exploit-Codebase (which I *think* is
just a general catchall). We have an open ticket with F-Prot for this, and
are currently waiting on updated definitions from them.
- Damian
