Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Fwd: YOUR PAYPAL.COM ACCOUNT EXPIRES

From: "Bojan Zdrnja" <Bojan.Zdrnja () LSS hr>
Date: Sat, 15 Nov 2003 12:19:46 +1300
 


-----Original Message-----
From: full-disclosure-admin () lists netsys com 
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
Larry Hand
Sent: Saturday, 15 November 2003 8:38 a.m.
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Fwd: YOUR PAYPAL.COM ACCOUNT EXPIRES

On Thursday 13 November 2003 04:43 pm, Larry Hand wrote:

Anyone else seeing this? It comes with an attachment Paypal.asp.scr. 
Anyone know what it is? It sure looks suspicious.


And a bunch of people answered! Thanks to you all.

Thanks for the links. I expect it's that MiMail trojan. It's rare that a 
virus gets through the filters here. Apparently it's a new variant which 
slipped in before the newest AV signature updates were installed. Since

NAI 

didn't find out about it until today, I guess that's reasonable :-)


That is why you should implement content blocking at your e-mail server.
There is absolutely no reason to allow .scr files to go around. If you had
this blocked, it would stop MiMail-I without AV updates.
Also, note that this attachment has double extension, which should also be
automatically blocked.

You can check unsafe extensions list at Microsoft's Web site:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;262631


Regards,

Bojan Zdrnja
CISSP

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: