RE: OT URGENT: Possible virus attach in zip attachments.

  • From: "John Tolmachoff \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Fri, 1 Aug 2003 11:00:22 -0700

>From the support list for the virus software I use:

These do look very suspicious.  It appears as though they are malformed 
viruses -- specifically, the m e s s a g e . z i p file contains a file 
message.htm.  The message.htm file appears to start with MIME headers, 
followed by a file "foo.exe" that appears to connect to the Internet, and 
HTML JavaScript code that includes a function "malware()".  Although we 
can't confirm that it is a virus, it would appear that it is almost 
certainly either a virus or some other type of malware.

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com


> -----Original Message-----
> From: Mike Dufoe [mailto:dufoem@xxxxxxxxxxx]
> Sent: Friday, August 01, 2003 10:55 AM
> To: [ExchangeList]
> Subject: [exchangelist] RE: OT URGENT: Possible virus attach in zip
attachments.
> 
> http://www.MSExchange.org/
> 
> John, do you have anymore info than this?
> 
> 
> 
> -----Original Message-----
> From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
> Sent: Friday, August 01, 2003 1:43 PM
> To: [ExchangeList]
> Subject: [exchangelist] OT URGENT: Possible virus attach in zip
attachments.
> Importance: High
> 
> http://www.MSExchange.org/
> 
> WARNING, there is a rapidly spreading possible maleware virus spreading.
> 
> The subject line is y o u r  a c c o u n t without the spaces.
> The attachment is m e s s a g e . z I p without the spaces.
> 
> This is real. I have already caught many of these in the last ½ hour.
> 
> 
> John Tolmachoff MCSE CSSA
> Engineer/Consultant
> eServices For You
> www.eservicesforyou.com
> 
> 
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSExchange.org Discussion List as:
> dufoem@xxxxxxxxxxx
> To unsubscribe send a blank email to leave-exchangelist-
> 1440469J@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSExchange.org Discussion List as:
> johnlist@xxxxxxxxxxxxxxxxxxx
> To unsubscribe send a blank email to leave-exchangelist-
> 1440469J@xxxxxxxxxxxxx

Other related posts:

  1. Home
  2. exchangelist
  3. Archive
  4. 08-2003