North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
kornet.net abuse desk is mailing out W32.Nimda.E@mm worm
- From: Kai Schlichting
- Date: Tue Oct 30 13:39:00 2001
If you or your staff have dealt with kornet.net (a Korean ISP belonging
to Korean Telecom), and specifically abuse@kornet.net in the past, beware:
It seems that they've been overrun by the brand-spanking-new W32.Nimda.E@mm
worm (**) sometimes late last night.
Specific case in hand: yesterday at 9:40pm EST, I received a mail
with a Subject: line of an UNRELATED abuse issue (hello MFNX/XO/
Above.net :) that contains a MIME attachment with an auto-playing
"sound file" of sample.exe , openened in an <iframe> of your favorite
Microsoft email client. Source IP of the mailing : 210.222.17.36 (/24).
Mental note to all abuse desk personnel and publicly visible contacts:
do not use Microsoft, or any other widely used piece of software to
read and process your mail. Auto-adding mail senders to your Outlook
addressbook could be considered a deadly sin. Anti-Virus software
with definitions older than 24 hrs seem to be a real hazard, too.
bye,Kai
(**)
http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.e@mm.html
|
