[68123] in North American Network Operators' Group


Re: Warning - new trend of attempts to infect ISP users (possibly

daemon@ATHENA.MIT.EDU (William Warren)
Wed Mar 3 11:52:32 2004

Date: Wed, 03 Mar 2004 11:52:21 -0500
From: William Warren <hescominsoon@emmanuelcomputerconsulting.com>
To: nanog@merit.edu
In-Reply-To: <Pine.LNX.4.44.0403031612180.15621-100000@server2.tcw.telecomplete.net>
Errors-To: owner-nanog-outgoing@merit.edu


It has gotten to the point for me that I am looking for a whitelisting 
option on my firewall/a-v gateway instead of a blacklisting one for 
attachments.

Stephen J. Wilcox wrote:

>>>Erm is it me or are the writers of Bagle and Netsky determined to keep morphing 
>>>their code to outwit the virus scanners.. is this a new trend in virus writing - 
>>>beat the systems by evolving your code quicker than the security firms can 
>>>release updates?
>>
>>new trend in that it started only a decade ago?
> 
> 
> Perhaps I'm only following this as it's affecting us more, but I don't recall a 
> time previously when I've had so many viruses hitting us and getting through our 
> scanners with nothing we can do about it. I don't recall seeing viruses with 
> variants as high as 'j' before, especially in the relatively short time since 
> the previous variants were out.
> 
> Seriously, drop some references if I'm off-track.. it's just my perception and 
> I'm not an expert at all with viruses...
> 
> Steve
> 
> 
> 
> 
> 
>>>On Tue, 2 Mar 2004, Larry Rosenman wrote:
>>>
>>>
>>>><http://vil.nai.com/vil/content/v_101071.htm>
>>>>
>>>>W32/Bagle.[hij]@MM
>>>>
>>>>
>>>>
>>>>--On Tuesday, March 02, 2004 20:07:17 -0800 "william(at)elan.net" 
>>>><william@elan.net> wrote:
>>>>
>>>>
>>>>>
>>>>>I have just seen emails (several different kinds) pretending to be sent
>>>>>from 3 of my isp domains to users of those domains warning users that
>>>>>their email account would be disabled and asking to open a .pif
>>>>>attachment. I know largest ISPs probably have experienced this but I
>>>>>believe what I have seen today means they are after ISPs (or possibly
>>>>>just after any domains with number of email addresses under them) of all
>>>>>sizes right at the moment. All emails we received from the same source
>>>>>ip - 129.59.206.187. Please check your email base for what looks like the
>>>>>following
>>>>>(in the examples I changed everything to elan.net, actually every isp
>>>>>domain received different example of this, only first one is exact).
>>>>>
>>>>>Example 1:
>>>>>---
>>>>>From: management@elan.net
>>>>>To: xxxxx@elan.net
>>>>>Subject: Email account utilization warning.
>>>>>
>>>>>Hello  user  of Elan.net e-mail server,
>>>>>
>>>>>Your e-mail account has  been temporary disabled  because  of unauthorized
>>>>>access.
>>>>>
>>>>>For further details see the  attach.
>>>>>
>>>>>Best wishes,
>>>>>   The Elan.net team                               http://www.elan.net
>>>>>---
>>>>>
>>>>>Example 2:
>>>>>---
>>>>>From: administration@elan.net
>>>>>To: xxxx@elan.net
>>>>>Subject: Warning about your e-mail account.
>>>>>
>>>>>Dear user of "Elan.net" mailing system,
>>>>>
>>>>>Our main mailing server  will be temporary  unavaible  for next two days,
>>>>>to  continue receiving mail in these  days you  have  to  configure  our
>>>>>free auto-forwarding service.
>>>>>
>>>>>Further details  can be  obtained  from attached  file.
>>>>>
>>>>>Cheers,
>>>>>   The Elan.net team                             http://www.elan.net
>>>>>---
>>>>>
>>>>>Example 3:
>>>>>---
>>>>>To: xxxxx@elan.net
>>>>>Subject: Warning about your e-mail account.
>>>>>From: administration@elan.net
>>>>>
>>>>>Dear user, the management of Elan.net mailing system wants to let you
>>>>>know that,
>>>>>
>>>>>Some of our clients complained  about the spam (negative e-mail content)
>>>>>outgoing from your e-mail account. Probably, you have been  infected by
>>>>>a  proxy-relay trojan  server. In order to keep  your  computer safe,
>>>>>follow the instructions.
>>>>>
>>>>>Please, read  the attach for further details.
>>>>>
>>>>>The Management,
>>>>>     The  Elan.net team                             http://www.elan.net
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>>
>>
> 
> 

-- 
My "Foundation" verse:
Isa 54:17  No weapon that is formed against thee shall prosper; and 
every tongue that shall rise against thee in judgment thou shalt 
condemn. This is the heritage of the servants of the LORD, and their 
righteousness is of me, saith the LORD.
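
The whitelisting-versus-blacklisting choice for attachments raised in the message above, as an added example that is not part of the original thread: a gateway-style check run over constructed sample messages. The extension sets, function names and example.net addresses are assumptions for illustration, and only the filename is inspected, not the file content.

```python
import email
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed site policy: the only attachment types users may receive.
ALLOWED_EXTENSIONS = {".txt", ".pdf", ".png", ".jpg"}
# Assumed denylist that has not yet been updated to include .pif.
DENIED_EXTENSIONS = {".exe", ".scr", ".vbs"}


def attachment_names(msg):
    """Return the filename of every MIME part that declares one."""
    return [part.get_filename() for part in msg.walk() if part.get_filename()]


def extension(name):
    """Final suffix only, lower-cased: 'notes.txt.pif' counts as '.pif'."""
    return PurePosixPath(name.strip().lower()).suffix


def denylist_verdict(msg):
    """Reject only what is known bad; anything unlisted passes."""
    bad = [n for n in attachment_names(msg) if extension(n) in DENIED_EXTENSIONS]
    return ("reject", bad) if bad else ("accept", [])


def allowlist_verdict(msg):
    """Reject anything not known good; unlisted or missing suffixes fail closed."""
    bad = [n for n in attachment_names(msg)
           if extension(n) not in ALLOWED_EXTENSIONS]
    return ("reject", bad) if bad else ("accept", [])


def build_sample(filename):
    """Constructed sample message with one placeholder attachment."""
    msg = EmailMessage()
    msg["From"] = "management@example.net"
    msg["To"] = "user@example.net"
    msg["Subject"] = "Email account utilization warning."
    msg.set_content("For further details see the attach.")
    msg.add_attachment(b"placeholder bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    # Round-trip through bytes so the check runs on a parsed wire message.
    return email.message_from_bytes(msg.as_bytes())


if __name__ == "__main__":
    for name in ("details.pif", "notes.txt.pif", "report.pdf"):
        sample = build_sample(name)
        print(name, denylist_verdict(sample), allowlist_verdict(sample))
```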
