Virus warning, was: Re: All your NIC handles are belong to us
tkernen at deckpoint.ch
Wed Apr 18 16:19:43 UTC 2001
I dont' want to get onto a "me too" thread but same problem here, to a thread I posted weeks ago
----- Original Message -----
From: "Kai Schlichting" <kai at pac-rim.net>
To: <nanog at merit.edu>
Cc: "Marguerite Reardon" <reardon at lightreading.com>; <postmaster at lightreading.com>; <abuse at lightreading.com>;
<postmaster at agora.com>; <abuse at agora.com>; <postmaster at thorn.net>; <abuse at thorn.net>
Sent: Wednesday, April 18, 2001 10:56 AM
Subject: Virus warning, was: Re: All your NIC handles are belong to us
> Hmm, my Norton AV/Win2000 just spit up a warning about the "W32.Badtrans.13312 at mm" virus
> file being detected in the following mail - as a SETUP.pif attachment.
> Given that it quotes a 6-week old NANOG posting of mine, I am almost sure
> that I am not the only recipient.
> lightreading|agora|thorn copied FYI: you might want to give your user a phone call
> about this, in case he doesn't read his email on a regular basis or/and if he is
> blissfully unaware of what's transpiring on his machine.
> http://www.symantec.com/avcenter/cgi-bin/virauto.cgi?vid=28772 describes this
> as a MAPI worm that uses a few more filenames to disguise itself:
> I guess Norton/Symantec can change the "wild" level from "low" to "medium" now.
> > Received: from oboe.agora.com ([184.108.40.206])
> > by conti.nu (8.9.3/8.9.3) with ESMTP id KAA02337
> > for <kai at pac-rim.net>; Wed, 18 Apr 2001 10:24:28 -0400 (EDT)
> > Received-Date: Wed, 18 Apr 2001 10:24:28 -0400 (EDT)
> > Received: from maggie2 ([220.127.116.11]) by oboe.agora.com with Microsoft SMTPSVC(5.5.1877.977.9);
> > Wed, 18 Apr 2001 10:20:34 -0400
> > Message-ID: <019a01c0c813$43afc360$0c01a8c0 at ltread.org>
> > From: "Marguerite Reardon" <reardon at lightreading.com>
> > To: <kai at pac-rim.net>
> > Subject: Re: Re: All your NIC handles are belong to us
> > MIME-Version: 1.0
> > Content-Type: multipart/mixed;
> > boundary="----=_NextPart_000_0197_01C0C7F1.BC7C91A0"
> > X-Mailer: Microsoft Outlook Express 5.00.2615.200
> > X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
> > Date: 18 Apr 2001 10:20:34 -0400
> > X-UIDL: 55e8d6494df8edb047065b7e1c036c3b
> > 'Kai Schlichting' wrote:
> > ====
> > -
> > - *knock knock*
> > -
> > - ALL YOUR NIC HANDLES ARE BELONG TO US.
> > -
> > - The mystery with posts going to nowhere has re-appeared. No bounces
> > - due to NANOG-post. No moderation notice. Nothing.
> > - Does Majordomo mind Subjects starting with "OT:" ?
> > -
> > - Feb 26 18:10:44 sonet sendmail: SAA27445: from=<kai at pac-rim.net>, size=2083, class=0, pri=32083, nrcpts=1,
msgid=<6669287802.20010226180952 at conti.nu>, bodytype=8BITMIME, proto=ESMTP,
> > relay=localhost.conti.nu [127.0.0.1]
> > ...'
> >> Take a look to the attachment.
More information about the NANOG