nanog mailing list archives

Virus warning, was: Re: All your NIC handles are belong to us


From: Kai Schlichting <kai () pac-rim net>
Date: Wed, 18 Apr 2001 10:56:34 -0400


Hmm, my Norton AV/Win2000 just spit up a warning about the "W32.Badtrans.13312@mm" virus
file being detected in the following mail - as a SETUP.pif attachment.
Given that it quotes a 6-week-old NANOG posting of mine, I am almost sure
that I am not the only recipient.

lightreading|agora|thorn copied FYI: you might want to give your user a phone call
about this, in case he doesn't read his email on a regular basis or/and if he is
blissfully unaware of what's transpiring on his machine.

http://www.symantec.com/avcenter/cgi-bin/virauto.cgi?vid=28772 describes this
as a MAPI worm that uses a few more filenames to disguise itself:

Pics.ZIP.scr
images.pif
README.TXT.pif
New_Napster_Site.DOC.scr
news_doc.scr
hamster.ZIP.scr
YOU_are_FAT!.TXT.pif
searchURL.scr
SETUP.pif
Card.pif
Me_nude.AVI.pif
Sorry_about_yesterday.DOC.pif
s3msong.MP3.pif
docs.scr
Humor.TXT.pif
fun.pif


I guess Norton/Symantec can change the "wild" level from "low" to "medium" now.

bye,Kai


Received: from oboe.agora.com ([199.221.118.30])
        by conti.nu (8.9.3/8.9.3) with ESMTP id KAA02337
        for <kai () pac-rim net>; Wed, 18 Apr 2001 10:24:28 -0400 (EDT)
Received-Date: Wed, 18 Apr 2001 10:24:28 -0400 (EDT)
Received: from maggie2 ([216.213.101.18]) by oboe.agora.com  with Microsoft SMTPSVC(5.5.1877.977.9);
         Wed, 18 Apr 2001 10:20:34 -0400
Message-ID: <019a01c0c813$43afc360$0c01a8c0 () ltread org>
From: "Marguerite Reardon" <reardon () lightreading com>
To: <kai () pac-rim net>
Subject: Re: Re: All your NIC handles are belong to us  
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="----=_NextPart_000_0197_01C0C7F1.BC7C91A0"
X-Mailer: Microsoft Outlook Express 5.00.2615.200
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
Date: 18 Apr 2001 10:20:34 -0400
X-UIDL: 55e8d6494df8edb047065b7e1c036c3b

'Kai Schlichting' wrote:
====
- 
- *knock knock*
- 
- ALL YOUR NIC HANDLES ARE BELONG TO US.
- 
- The mystery with posts going to nowhere has re-appeared. No bounces
- due to NANOG-post. No moderation notice. Nothing.
- Does Majordomo mind Subjects starting with "OT:" ?
- 
- Feb 26 18:10:44 sonet sendmail[27445]: SAA27445: from=<kai () pac-rim net>, size=2083, class=0, pri=32083, 
nrcpts=1, msgid=<6669287802.20010226180952 () conti nu>, bodytype=8BITMIME, proto=ESMTP,
relay=localhost.conti.nu [127.0.0.1]
 ...'


Take a look to the attachment. 
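
An added example, not part of the original post: a Python check that flags mail attachments named like the ones listed above (final extension .pif or .scr, optionally hidden behind a decoy extension such as .TXT or .DOC). The function names, the decoy-extension set and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Final extensions carried by every filename listed in the post.
EXECUTABLE_EXTS = {"pif", "scr"}
# Inner "decoy" extensions seen in that list (README.TXT.pif, Pics.ZIP.scr, ...).
DECOY_EXTS = {"zip", "txt", "doc", "avi", "mp3"}


def classify(filename):
    """Return 'double-extension', 'executable' or None for an attachment name."""
    # Drop any path component, then the trailing dots/spaces Windows ignores.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].strip().rstrip(". ")
    parts = name.lower().split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return None
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"


def scan_message(raw):
    """Parse a raw RFC 5322 message and list (filename, verdict) for flagged parts."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        verdict = classify(name) if name else None
        if verdict:
            findings.append((name, verdict))
    return findings


def build_sample():
    """Constructed test message; the attachment bodies are inert placeholder bytes."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("Take a look to the attachment.")
    for name in ("SETUP.pif", "README.TXT.pif", "notes.txt"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()):
        print(f"{verdict:17} {name}")
```

A mail gateway would typically quarantine on either verdict; the "double-extension" label only separates names built to look like documents from plainly named executables.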



