maybe this should be on sec focus but.

Gregory Hicks ghicks at cadence.com
Fri Aug 1 18:43:10 UTC 2003


It seems to come with a message attachment of "message.zip".

The body of the message goes something like this:
-----------------------------------------
From: Admin 
Sent: Friday, August 01, 2003 11:25 AM
To: <user-ID>
Subject: your account <some-random-string>
Importance: High



Hello there,

I would like to inform you about important information regarding your
email address. This email address will be expiring. Please read
attachment for details.

---
Best regards, Administrator
<same-random-string-as-in-subject-line>

Attachment seems to be "message.zip"
-----------------------------------------
I would have sent this to the security list, but I got dropped today.

Regards,
Gregory Hicks

> Date: Fri, 1 Aug 2003 14:27:26 -0400
> From: Damian Gerow <damian at sentex.net>
> To: "'nanog at merit.edu'" <nanog at merit.edu>
> Subject: Re: maybe this should be on sec focus but.
> X-GPG-Key-Id: 0xB841F142
> X-GPG-Fingerprint: C7C1 E1D1 EC06 7C86 AF7C  57E6 173D 9CF6 B841 F142
> 
> 
> Thus spake Drew Weaver (drew.weaver at thenap.com) [01/08/03 14:25]:
> > I have had like 4 users call and tell me that they're receiving
> > email from admin at ourdomainname with an unidentified attachment, possibly a
> > worm that exploits the new Microsoft vulnerability last week, all 4 of these
> > people reported that their updated this morning antivirus software missed
> > it.
> 
> The latest NAI definitions catch it as Exploit-Codebase (which I *think* is
> just a general catchall).  We have an open ticket with F-Prot for this, and
> are currently waiting on updated definitions from them.
> 
>   - Damian

---------------------------------------------------------------------
Gregory Hicks                           | Principal Systems Engineer
Cadence Design Systems                  | Direct:   408.576.3609
555 River Oaks Pkwy M/S 6B1             | Fax:      408.894.3479
San Jose, CA 95134                      | Internet: ghicks at cadence.com

Never attribute to malice that which is adequately explained by
ignorance or stupidity.

Asking the wrong questions is the leading cause of wrong answers

"The best we can hope for concerning the people at large is that they
be properly armed." --Alexander Hamilton
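
A triage check for the message traits reported in this thread, as an added example that is not part of the original posts. The function name, trait labels, example.com addresses, random token and attachment bytes are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample built from the traits in the post; all values are made up.
SAMPLE = """\
From: Admin <admin@example.com>
To: user@example.com
Subject: your account kfsdaqwe
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Hello there,
Please read attachment for details.

---
Best regards, Administrator
kfsdaqwe

--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="message.zip"
Content-Transfer-Encoding: base64

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==
--b1--
"""

def matched_traits(raw):
    """Return the reported traits that a raw RFC 822 message exhibits."""
    msg = message_from_string(raw)
    traits = []
    local, _, dom = parseaddr(msg.get("From", ""))[1].lower().partition("@")
    rcpt_dom = parseaddr(msg.get("To", ""))[1].lower().partition("@")[2]
    if local == "admin" and dom and dom == rcpt_dom:
        traits.append("admin-at-own-domain")
    words = " ".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() == "text/plain").split()
    m = re.fullmatch(r"your account (\S+)", msg.get("Subject", "").strip(), re.I)
    if m:
        traits.append("subject-pattern")
        if m.group(1) in words:  # same random string repeated under the signature
            traits.append("token-repeated-in-body")
    if any((p.get_filename() or "").lower() == "message.zip" for p in msg.walk()):
        traits.append("message.zip")
    return traits
```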