Skip to comments.
New Email Worm
CERT / IBM / Trend Micro / MS ^
Posted on 08/01/2003 12:19:53 PM PDT by dfrussell
New Internet Worm: worm_mimail.a
(Excerpt) Read more at microsoft.com ...
TOPICS: Miscellaneous
KEYWORDS: mdm; techindex
Navigation: use the links below to view more comments.
first previous 1-20, 21-40, 41-48 next last
To: woofer
unbelievable! the email that is going around looks nothing like something that should be coming in corporate mail doh!
21
posted on
08/01/2003 12:38:31 PM PDT
by
boxerblues
(God Bless the 101st, stay safe, stay alert and watch your backs)
To: boxerblues
I'll add a rule #2....be strict in making friends and acquaintences to remove you from silly "joke of the day" type mailing lists.
22
posted on
08/01/2003 12:39:48 PM PDT
by
mr.pink
To: dead
we just get a screen shot of the offending message and it sez DO NOT OPEN THIS!
23
posted on
08/01/2003 12:41:35 PM PDT
by
boxerblues
(God Bless the 101st, stay safe, stay alert and watch your backs)
To: boxerblues
My company is shutting down a number of applications this weekend that are especially vulnerable (those that incorporate NetBIOS or RPC, whatever they are.)
They almost never do something like that.
24
posted on
08/01/2003 12:43:49 PM PDT
by
dead
(Perdicaris alive or Raisuli dead!)
To: dead
Not a techie, but I wonder if this has anything to do with gov't warning about the internet attacks they were talking about earlier this week.
25
posted on
08/01/2003 12:45:55 PM PDT
by
boxerblues
(God Bless the 101st, stay safe, stay alert and watch your backs)
To: dead
that means they will be shutting down all Windows machines if that's the case.
26
posted on
08/01/2003 12:51:55 PM PDT
by
dnandell
("you've heard of plato, aristotle, socretes?" "yes" "morons")
To: Sir Gawain
Anyone that opens an email attachment with that kind of text deserves what they getMany people are not computer savvy and are vulnerable to these things. Especially if your virus scan does not flag it.
A few months ago I got sent the Ganda virus and Norton let it through. I was suspicious and deleted it without reading it. A few days later it came back and was flagged as a virus by Norton. If you are the first in your neighborhood to get a new virus you may not have an updated virus scan that can detect it. - tom
27
posted on
08/01/2003 12:53:48 PM PDT
by
Capt. Tom
(anything done in moderation shows a lack of interest -Capt. Tom circa 1948)
To: Arpege92
Be just a bit careful even about email names you know. I recently received an email from a friend and I recognized the subject and it looked perfectly ok. But, the address didn't look quite right. After the @ the location was different from usual. Still, it was passable. But my anti-virus caught it and I discovered it was a variety that spoofs.
At first I accused our friend.
It invaded an organization to which our friend once sent the same email subject. It stole her email name and attached it to the email tail of the organization, and stole her subject line as well. Then, it sent out to all the addys attached to the original. When I queried our friend, she was shocked, surprised, never got hit at all, but almost got the blame.
To: lainie
Yehp. It's using the defect indicated by the link to spread. The defect is old, the worm is new.
To: dfrussell
We've gotten about a hundred hits on this one at work today.
30
posted on
08/01/2003 1:06:05 PM PDT
by
Junior
(Killed a six pack ... just to watch it die.)
To: boxerblues
#1 rule if you dont know who sent it, the delete is your best friend. If you see a lot of messages from your "friends" with the same subject all of a sudden chances are it is a virus. Better safe than sorryActually, if you're using "LookOut," RULE #1 should be to turn off the "Preview Pane." Many malicious code virus and worm infections can occur by simply opening the email, and if the preview pane is open, just clicking on the message will infect your computer before you can delete the message!
To turn off the preview Pane, go to View -> Layout, and then disable the preview pane (I don't have it on this computer, so I'm doing this from memory).
Mark
31
posted on
08/01/2003 1:06:17 PM PDT
by
MarkL
(I didn't claw my way to the top of the foodchain for a salad!)
To: dfrussell; *tech_index; MizSterious; shadowman99; Sparta; freedom9; martin_fierro; PatriotGames; ...
32
posted on
08/01/2003 1:09:20 PM PDT
by
Ernest_at_the_Beach
(All we need from a Governor is a VETO PEN!!!)
To: 8mmMauser
Spoofing the return is pretty much the SOP, these days.
IE seems to have been particularly prone. I generally use a linux/unix base and have three different, consecutive virus filters and six different, consecutive spam filters (open proxy / relay / europe / etc).
Our inbound relays are refusing one of these every second or two now... this one has a static subject line so it's easy to refuse before it even gets to the virus filters.
No point in wasting cycles on stuff like this.
To: dfrussell
Yeh, there goes the afternoon. Five minutes to deploy the latest virus siggies, four hours to change management diapers...
To: Ernest_at_the_Beach
I think I got three of these this afternoon, but Norton never had a chance--I deleted them from the server via mailwasher. I figured they were either something like this, or just dumb spam. Either way, I didn't want them.
35
posted on
08/01/2003 1:21:29 PM PDT
by
MizSterious
(Support whirled peas!)
To: unix
Been there, done that, and got the T-Shirt!
36
posted on
08/01/2003 1:29:14 PM PDT
by
killerw
("All of my guns together haven't killed as many people as ted kennedy's car".)
To: MizSterious
New e-mail worm spinning across the Internet
By DWIGHT SILVERMANCopyright 2003 Houston Chronicle A new e-mail worm that takes advantage of a flaw in Internet Explorer 6 and appears to come from a recipient's computer system administator is racing across the Internet today.
Mimail.A includes the words "Your Account" in the subject line and comes with an attachment named MESSAGE.ZIP. Symantec Corp., which makes Norton Antivirus software, has pegged Mimail's threat level at 3 out of a possible 4.
Vincent Weafer, senior director for Symantec Security Response, said the worm does not appear to be destructive, but it is spreading rapidly across the Internet, and may be bogging down e-mail servers.
He said the appearance of the worm caught many companies and individuals by surprise.
"I suspect that, after the weekend, it will die down as companies update their firewalls and consumers download new antivirus definitions," he said.
The worm tricks users into opening the attachment because it appears to come from someone who works on the computer network within the receiver's domain. For example, users who are on America Online may see the worm with a From: adddress of admin@aol.com.
The U.S. Department of Homeland Security earlier this week warned of a threat to the Internet from hackers and virus writers taking advantage of a recently found flaw in Microsoft's Windows operating systems. Weafer said Mimail does not appear to be related, taking advantage of a different flaw.
More information is available at Symantec's Web site.
37
posted on
08/01/2003 1:33:40 PM PDT
by
Dog Gone
To: dfrussell; All
38
posted on
08/01/2003 1:58:16 PM PDT
by
lainie
To: killerw
Right on!
Love your tagline..that's funny
To: dfrussell
HOW WE TELL PEOPLE IT WORKS:
Administrative support people meet with management. Latest patch discussed, server schedule made and heroic SAs volunteer to spend their evening away from home and family defending the firm against the killer virus.
HOW IT REALLY WORKS:
1. Patches integrated into regular support schedule that was going to run this evening anyhow.
2. SA 1 whose husband works at Microsoft calls him and says "if your company didn't write such s*$&%&y code I wouldn't have to stay late tonight. YOU're doing the housework, buddy!" (I am not making this up).
3. SA 2 (your hero BtD) volunteers to stay this evening to reboot such servers as a trembling management dares to do (we're "testing") - sniffling over an evening lost and hiding his baseball game tickets behind his back...
4. Management goes home satisfied that the job is in the hands of professionals. SA 1 goes out for a drink with the girls. SA 2 (me) patches the boxes. Will reboot at 5:00. Will be in beer garden by 5:30. First pitch at 7:05...
Navigation: use the links below to view more comments.
first previous 1-20, 21-40, 41-48 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson