nanog mailing list archives
Re: maybe this should be on sec focus but.
From: Forrest Houston <fhouston () east isi edu>
Date: Fri, 1 Aug 2003 14:28:54 -0400 (Eastern Daylight Time)
That's funny, I had atleast one person here receive a similar email which was forwarded on to me. I ran it through McAfee (4.5.1 engine, 4.0.4280 DAT) and it picked it right up (Trojan Name: Exploit-Code Base http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=99383). Potentially it's a different incident than what they are talking about but the admin@domainname and the attachment are similar (it was a zip file containing an html file [according to the extensions]). Forrest On Fri, 1 Aug 2003, Drew Weaver wrote:
I have had like 4 users call and tell me that they're receiving email from admin@ourdomainname with a unidentified attachment, possibly a worm that exploits the new Microsoft vulnerability last week, all 4 of these people reported that their updated this morning antivirus software missed it. FYI.
Current thread:
- maybe this should be on sec focus but. Drew Weaver (Aug 01)
- Re: maybe this should be on sec focus but. Damian Gerow (Aug 01)
- Re: maybe this should be on sec focus but. Scott Granados (Aug 01)
- RE: maybe this should be on sec focus but. Bob German (Aug 01)
- Re: maybe this should be on sec focus but. Forrest Houston (Aug 01)
- Re: maybe this should be on sec focus but. Patrick_McAllister (Aug 01)
- Re: maybe this should be on sec focus but. Mike Tancsa (Aug 01)
- Re: maybe this should be on sec focus but. Joe Boyce (Aug 01)
- <Possible follow-ups>
- RE: maybe this should be on sec focus but. Drew Weaver (Aug 01)
- Re: maybe this should be on sec focus but. Gregory Hicks (Aug 01)