kornet.net abuse desk is mailing out W32.Nimda.E@mm worm

Kai Schlichting kai at pac-rim.net
Tue Oct 30 18:36:37 UTC 2001


If you or your staff have dealt with kornet.net (a Korean ISP belonging
to Korean Telecom), and specifically abuse at kornet.net in the past, beware:
It seems that they've been overrun by the brand-spanking-new W32.Nimda.E@mm
worm (**) sometime late last night.

Specific case in hand: yesterday at 9:40pm EST, I received a mail
with a Subject: line of an UNRELATED abuse issue (hello MFNX/XO/
Above.net :) that contains a MIME attachment with an auto-playing
"sound file" of sample.exe, opened in an <iframe> of your favorite
Microsoft email client. Source IP of the mailing : 210.222.17.36 (/24).

Mental note to all abuse desk personnel and publicly visible contacts:
do not use Microsoft, or any other widely used piece of software to
read and process your mail. Auto-adding mail senders to your Outlook
addressbook could be considered a deadly sin. Anti-Virus software
with definitions older than 24 hrs seems to be a real hazard, too.

bye,Kai


(**)
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
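
The mail described above (an attachment declared as a sound file but named sample.exe, loaded through an <iframe>) can be flagged at a mail gateway by comparing each part's declared type with its filename. This is an added example, not part of the original post; the sample message, the extension list and the reason labels are constructed assumptions.

```python
import re
from email import message_from_string

EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat")   # assumed blocklist
MEDIA = {"audio", "video", "image"}
IFRAME_CID = re.compile(r"<iframe[^>]+src\s*=\s*[\"']?cid:([^\"'\s>]+)", re.I)

# Constructed sample message (not a captured mail); the payload is a stub.
SAMPLE = """\
From: sender@example.net
Subject: constructed sample
Content-Type: multipart/related; boundary="B1"

--B1
Content-Type: text/html

<html><body><iframe src="cid:part-1" height=0 width=0></iframe></body></html>
--B1
Content-Type: audio/x-wav; name="sample.exe"
Content-Transfer-Encoding: base64
Content-ID: <part-1>

AAAA
--B1--
"""

def flag_parts(raw):
    """Return (filename, content type, reasons) for each suspicious part."""
    msg = message_from_string(raw)
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    # Content-IDs that an HTML body loads through an <iframe>
    framed = set()
    for p in leaves:
        if p.get_content_type() == "text/html":
            html = p.get_payload(decode=True).decode("latin-1", "replace")
            framed.update(IFRAME_CID.findall(html))
    findings = []
    for p in leaves:
        name = p.get_filename() or ""     # falls back to Content-Type name=
        if not name.lower().endswith(EXEC_EXT):
            continue
        reasons = []
        if p.get_content_maintype() in MEDIA:
            reasons.append("type-mismatch")      # media type, executable name
        if p.get("Content-ID", "").strip().strip("<>") in framed:
            reasons.append("iframe-autoload")    # rendered without a click
        if reasons:
            findings.append((name, p.get_content_type(), reasons))
    return findings
```

Calling `flag_parts(SAMPLE)` reports the sample.exe part with both reasons; a part whose name matches its media type is not reported.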



