nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Warning - new trend of attempts to infect ISP users (possibly virus)

From: William Warren <hescominsoon () emmanuelcomputerconsulting com>
Date: Wed, 03 Mar 2004 11:52:21 -0500
it has gotten to the point for me that i am looking for a whitelisting option on my firewall/a-v gateway instead of a blacklisting one for attachments. 

Stephen J. Wilcox wrote:
Erm is it me or are the writers of Bagle and Netsky determined to keep morphing their code to outwit the virus scanners.. is this a new trend in virus writing - beat the systems by evolving your code quicker than the security firms can release updates? 

new trend in that it started only a decade ago?
Perhaps I'm only following this as its affecting us more, but I dont recall a time previously when I've had so many viruses hitting us and getting thro our scanners with nothing we can do about it. I dont recall seeing viruses with variants as high as 'j' before, especially in the relatively short time since the previous variants were out
Seriously, drop some references if I'm off-track.. its just my perception and I'm not an expert at all with viruses... 

Steve






On Tue, 2 Mar 2004, Larry Rosenman wrote:



<http://vil.nai.com/vil/content/v_101071.htm>

W32/Bagle.[hij]@MM
--On Tuesday, March 02, 2004 20:07:17 -0800 "william(at)elan.net" <william () elan net> wrote: 




I have just seen emails (several different kinds) pretending to be sent
from 3 of my isp domains to users of those domains warning users that
their email account would be disabled and asking to open a .pif
attachment. I know largest ISPs probably have expierenced this but I
believe what I  have seen today means they are after ISPs (or possibly
just after any  domains with number of email addresses under them) of all
sizes right at  the moment. All emails we received from the same source
ip - 129.59.206.187 Please check your email base for what looks like the
following
(in the examples I changed everything to elan.net, actually every isp
domain received different example of this, only first one is exact).

Example 1:
---
From: management () elan net
To: xxxxx () elan net
Subject: Email account utilization warning.

Hello  user  of Elan.net e-mail server,

Your e-mail account has  been temporary disabled  because  of unauthorized
access.

For further details see the  attach.

Best wishes,
  The Elan.net team                               http://www.elan.net
---

Example 2:
---
From: administration () elan net
To: xxxx () elan net
Subject: Warning about your e-mail account.

Dear user of "Elan.net" mailing system,

Our main mailing server  will be temporary  unavaible  for next two days,
to  continue receiving mail in these  days you  have  to  configure  our
free auto-forwarding service.

Further details  can be  obtained  from attached  file.

Cheers,
  The Elan.net team                             http://www.elan.net
---

Example3:
---
To: xxxxx () elan net
Subject: Warning about your e-mail account.
From: administration () elan net

Dear user, the management of Elan.net mailing system wants to let you
know that,

Some of our clients complained  about the spam (negative e-mail content)
outgoing from your e-mail account. Probably, you have been  infected by
a  proxy-relay trojan  server. In order to keep  your  computer safe,
follow the instructions.

Please, read  the attach for further details.

The Management,
    The  Elan.net team                             http://www.elan.net














--
My "Foundation" verse:
Isa 54:17 No weapon that is formed against thee shall prosper; and every tongue that shall rise against thee in judgment thou shalt condemn. This is the heritage of the servants of the LORD, and their righteousness is of me, saith the LORD.
Previous By Date Next
Previous By Thread Next

Current thread: