[60136] in North American Network Operators' Group
Re: maybe this should be on sec focus but.
daemon@ATHENA.MIT.EDU (Patrick_McAllister@WASHGAS.COM)
Fri Aug 1 14:48:14 2003
In-Reply-To: <Pine.WNT.4.53.0308011423220.1004@rosencrantz>
To: Forrest Houston <fhouston@east.isi.edu>
Cc: Drew Weaver <drew.weaver@thenap.com>,
"'nanog@merit.edu'" <nanog@merit.edu>, owner-nanog@merit.edu
From: Patrick_McAllister@WASHGAS.COM
Date: Fri, 1 Aug 2003 14:39:55 -0400
Errors-To: owner-nanog-outgoing@merit.edu
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MIMAIL.A
Forrest Houston
<fhouston@east.is To: Drew Weaver <drew.weaver@thenap.com>
i.edu> cc: "'nanog@merit.edu'" <nanog@merit.edu>
Sent by: Subject: Re: maybe this should be on sec focus but.
owner-nanog@merit
.edu
08/01/2003 02:28
PM
That's funny, I had atleast one person here receive a similar email which
was forwarded on to me. I ran it through McAfee (4.5.1 engine, 4.0.4280
DAT) and it picked it right up (Trojan Name: Exploit-Code Base
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=99383).
Potentially it's a different incident than what they are talking about but
the admin@domainname and the attachment are similar (it was a zip file
containing an html file [according to the extensions]).
Forrest
On Fri, 1 Aug 2003, Drew Weaver wrote:
> I have had like 4 users call and tell me that they're
receiving
> email from admin@ourdomainname with a unidentified attachment, possibly a
> worm that exploits the new Microsoft vulnerability last week, all 4 of
these
> people reported that their updated this morning antivirus software missed
> it.
>
>
>
> FYI.
>
>
>
>
>
>
