Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: maybe this should be on sec focus but.

  • From: Gregory Hicks
  • Date: Fri Aug 01 14:58:30 2003

It seems to come with a message attachment of "message.zip".

The body of the message goes something like this:
-----------------------------------------
From: Admin 
Sent: Friday, August 01, 2003 11:25 AM
To: <user-ID>
Subject: your account <some-random-string>
Importance: High



Hello there,

I would like to inform you about important information regarding your
email address. This email address will be expiring. Please read
attachment for details.

---
Best regards, Administrator
<same-random-string-as-in-subject-line>

Attachment seems to be "message.zip"
-----------------------------------------
I would have sent this to the security list, but I got dropped today.

Regards,
Gregory Hicks

> Date: Fri, 1 Aug 2003 14:27:26 -0400
> From: Damian Gerow <damian@sentex.net>
> To: "'nanog@merit.edu'" <nanog@merit.edu>
> Subject: Re: maybe this should be on sec focus but.
> X-GPG-Key-Id: 0xB841F142
> X-GPG-Fingerprint: C7C1 E1D1 EC06 7C86 AF7C  57E6 173D 9CF6 B841 F142
> 
> 
> Thus spake Drew Weaver (drew.weaver@thenap.com) [01/08/03 14:25]:
> >             I have had like 4 users call and tell me that they're 
receiving
> > email from admin@ourdomainname with a unidentified attachment, 
possibly a
> > worm that exploits the new Microsoft vulnerability last week, all 4 
of these
> > people reported that their updated this morning antivirus software 
missed
> > it.
> 
> The latest NAI definitions catch it as Exploit-Codebase (which I 
*think* is
> just a general catchall).  We have an open ticket with F-Prot for 
this, and
> are currently waiting on updated definitions from them.
> 
>   - Damian

---------------------------------------------------------------------
Gregory Hicks                           | Principal Systems Engineer
Cadence Design Systems                  | Direct:   408.576.3609
555 River Oaks Pkwy M/S 6B1             | Fax:      408.894.3479
San Jose, CA 95134                      | Internet: ghicks@cadence.com

Never attribute to malice that which is adequately explained by
ignorance or stupidity.

Asking the wrong questions is the leading cause of wrong answers

"The best we can hope for concerning the people at large is that they
be properly armed." --Alexander Hamilton





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.