New virus

Rob V rviau75 at rogers.com
Wed Oct 8 02:59:06 UTC 2003


I got a copy from someone on Videotron just a short while ago:

Return-Path: <updates at symantec.com>
Received: from modemcable100.179-201-24.mtl.mc.videotron.ca
          ([24.201.179.100]) by fep02-mail.bloor.is.net.cable.rogers.com
          (InterMail vM.5.01.05.12 201-253-122-126-112-20020820) with SMTP
          id <20031008021701.FIGV80253.fep02-mail.bloor.is.net.cable.rogers.com at modemcable100.179-201-24.mtl.mc.videotron.ca>
          for <rviau75 at rogers.com>; Tue, 7 Oct 2003 22:17:01 -0400
Message-ID: <2003101346.11398.qmail at symantec.com>
Date: Tue, 7 Oct 2003 19:21:59 -0700
From: <updates at symantec.com>
Subject: Last Update.
To: <rviau75 at rogers.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------9D16FAF1684605E"


-----Original Message-----
From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
Andrew Fried
Sent: October 7, 2003 8:16 AM
To: nanog at merit.edu
Subject: New virus 


I just received an email purporting to be from Symantec that contained an
anti-virus signature update.  The message originated in the
Netherlands.  The attachment has been submitted to Symantec and FortiNet
for review, however, I thought the community might want a heads up since I
do not know the degree to which this has been distributed.  The full
content of the message I received is below:

X-Persona: <CIS>
Return-Path: <updates at symantec.com>
X-Original-To: afried at cis.fed.gov
Delivered-To: afried at cis.fed.gov
Received: from node0938.a2000.nl (node0938.a2000.nl [62.108.9.56])
	by mailserver.cis.fed.gov (Postfix) with SMTP id 22868FD52
	for <afried at cis.fed.gov>; Tue,  7 Oct 2003 06:22:19 -0400 (EDT)
Message-ID: <20031026614.2874.qmail at symantec.com>
Date: Tue, 7 Oct 2003 03:26:29 -0700
From: <updates at symantec.com>
Subject: Last Update.
To: <afried at cis.fed.gov>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------9D16FAF1684605E"
X-UIDL: G]m!!l"d"!b\E"!\]5"!

October 06, 2003
Intruder Alert 4.1 W32_Webb_Worm Policy
This policy detects the propagation of the W32.SobigF.Worm through
changes in the registry.

W32.Webb.F at mm is a mass-mailing, network-aware worm that sends
itself to all the email addresses it finds in various files.
The worm uses its own SMTP engine to propagate and attempts
to create a copy of itself on accessible network shares, but
fails due to bugs in the code.

In attachment you can find program that update your Norton Antivirus to
Norton Antivirus 2004.
[nav32.zip]
Scanned by evaliation version of Dr.Web antivirus Daemon
http://drweb.ru/unix/
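
Added example, not part of the original posts: a header triage over the two copies quoted in this thread, showing that both were handed off by consumer ISP hosts rather than by symantec.com and that they share one MIME boundary. The sample strings are the thread's own headers with the archive's " at " obfuscation undone and copy A's Received line trimmed; `triage` and `shared_boundary` are names chosen for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers of the two copies quoted in this thread. The archive's " at "
# obfuscation is undone; copy A's Received line drops the MTA banner and id.
COPY_A = """\
Return-Path: <updates@symantec.com>
Received: from modemcable100.179-201-24.mtl.mc.videotron.ca
 ([24.201.179.100]) by fep02-mail.bloor.is.net.cable.rogers.com with SMTP
 for <rviau75@rogers.com>; Tue, 7 Oct 2003 22:17:01 -0400
From: <updates@symantec.com>
Content-Type: multipart/mixed; boundary="----------9D16FAF1684605E"

"""
COPY_B = """\
Return-Path: <updates@symantec.com>
Received: from node0938.a2000.nl (node0938.a2000.nl [62.108.9.56])
 by mailserver.cis.fed.gov (Postfix) with SMTP id 22868FD52
 for <afried@cis.fed.gov>; Tue,  7 Oct 2003 06:22:19 -0400 (EDT)
From: <updates@symantec.com>
Content-Type: multipart/mixed; boundary="----------9D16FAF1684605E"

"""

def triage(raw):
    """Compare the claimed sender domain with the host that delivered the mail."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    # Topmost Received is written by the recipient's own server, so its
    # bracketed IP is trustworthy; the name after "from" is sender-supplied.
    top = " ".join((msg.get_all("Received") or [""])[0].split())
    name = re.match(r"from\s+(\S+)", top)
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", top)
    relay = name.group(1).lower() if name else None
    aligned = bool(relay) and (relay == claimed or relay.endswith("." + claimed))
    return {"claimed": claimed, "relay": relay, "ip": ip.group(1) if ip else None,
            "aligned": aligned, "boundary": msg.get_param("boundary")}

def shared_boundary(*raws):
    """Return the MIME boundary if every sample uses the same one, else None."""
    seen = {triage(r)["boundary"] for r in raws}
    return seen.pop() if len(seen) == 1 else None

if __name__ == "__main__":
    for label, raw in (("A", COPY_A), ("B", COPY_B)):
        print(label, triage(raw))
    print("shared boundary:", shared_boundary(COPY_A, COPY_B))
```

A relay outside the claimed domain is a heuristic, not proof, since legitimate senders also use third-party relays; the constant boundary string across both copies is the stronger content signature here.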






