Hi Tom ;)
See my earlier post... to which I add... most of these viruses (Beagle
of last week and MyDoom again of this week) carry their own SMTP "server"
and related 'code' pieces... They need only find a SMTP relay point...
Can anybody say "MX" records?
Remember, if your 3k will relay and has SMTP turned on... it can be
used to spread a virus... theoretically :)
Art "hmmm... I wonder.... " Bahrs
=======================================================
Art Bahrs, CISSP Information Security The Regence Group
(503) 553-1425 FAX (503) 553-1453
|---------+-------------------------------->
| | "Emerson, Tom" |
| | <Tom.Emerson@warnerbr|
| | os.com> |
| | Sent by: "HP-3000 |
| | Systems Discussion" |
| | <[log in to unmask]
| | DU> |
| | |
| | |
| | 07/27/2004 10:34 AM |
| | Please respond to |
| | "Emerson, Tom" |
| | |
| | |-------------------||
| | | [ ] Secure E-mail ||
| | |-------------------||
|---------+-------------------------------->
>--------------------------------------------------------------------------------------------------------------------------|
| |
| To: [log in to unmask] |
| cc: |
| Subject: Re: [HP3000-L] FW: status |
>--------------------------------------------------------------------------------------------------------------------------|
It is indeed a virus -- we even received an "emergency" post from our
system admins on the subject, pointing out the variations in subject matter
and attachment name and urging us to verify we had the latest "signature"
file from symantec; I **really really** hope that one or more of the
systems between "the infected computer" [be it Tracy's or another that used
Tracy's name to throw people off the trail] and my system has indeed
"cleaned" the virus -- the outlook client is especially bad for this as
when you've separated things into list folders, it is only natural to click
"next, next, next..." until you've read all the messages for the day -- a
viral message in the middle WILL get opened in this manner :( [and if it
auto executes, well...]
> -----Original Message-----
> From: Gary Nolan
>
> I received the same thing in my email yesterday claiming it
> was from my internet tech support. [...] responded that it was not
> sent from them and the attachment contained a virus.
>
> ----- Original Message -----
> From: "Tracy Pierce" <[log in to unmask]>
> > > -----Original Message-----
> > > From: [log in to unmask] [mailto:[log in to unmask]]
[...]
> > > We have received reports [...]
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
=============================================================================
IMPORTANT NOTICE: This communication, including any attachment, contains information that may be confidential or privileged, and is intended solely for the entity or individual to whom it is addressed. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message is strictly prohibited. Nothing in this email, including any attachment, is intended to be a legally binding signature.
=============================================================================
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
|
