Educause Security Discussion mailing list archives
Re: New Email Virus
From: Krizi Trivisani <krizi () GWU EDU>
Date: Fri, 31 Oct 2003 16:12:00 -0500
We had 100's of messages get through before we could update our email filters and get the latest anti-virus definitions updated. Thankfully our user community started calling the security team and helpdesk as soon as they started seeing the messages in their in-boxes. About a dozen machines on campus have been hit by this virus so far. We are shutting off the ports for the machines we have identified as infected. For each machine that is infected, a remedy ticket is being created and is searchable in the summary by IP. These machines will be offline and will need to be patched offline by a local administrator or LSP before they can have their ports turned back on. A mass email with the following text has been sent to the University community: -------- A new email worm is making the rounds with the subject line "Re[2]: our private photos" followed by random text. If you receive this message we ask you to delete it and do not open the attachment contained in this message. For more information about the worm: http://helpdesk.gwu.edu/helpdesk/news/fall03/mimailc.worm.103103.html Computers that have not applied the latest patches are also impacted and may be used to propagate the malicious code. Please ensure that you have patched your computer and are running the latest anti-virus definitions. For more information on securing your computer: http://helpdesk.gwu.edu/helpdesk/security/index.html --------- Happy worm fighting! Krizi Marty Hoag wrote:
I'm told our e-mail virus scanners caught 140 of these after we updated the McAfee DATs this morning. McAfee has issued an emergency DAT, 4301 for this. Since we use McAfee I'm not familiar with what the other vendors have done but I see Symantec raised the threat to Category 3. Marty ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- New Email Virus David Bruce (Oct 31)
- <Possible follow-ups>
- Re: New Email Virus Jim Bollinger (Oct 31)
- Re: New Email Virus Scott Bradner (Oct 31)
- Re: New Email Virus James Anzaldua (Oct 31)
- Re: New Email Virus Crawford, Charles D (Oct 31)
- Re: New Email Virus Marty Hoag (Oct 31)
- Re: New Email Virus Krizi Trivisani (Oct 31)