RE: OT URGENT: Possible virus attach in zip attachments.

  • From: "Robert J. Liebsch" <rliebsch@xxxxxxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Fri, 1 Aug 2003 11:05:38 -0700

I will add to the FUD and alarm...

I think on FullDisclosure, or Security News Portal, it is reported there is a
virus/spam message
witha keylogger in it...

FUD or true warning, I don't know, but better safe than up all night fixing
the damage....


Robert Liebsch, IT
Stone Yamashita Partners
San Francisco, CA

> ----------
> From:         John Tolmachoff (Lists)
> Reply To:     [ExchangeList]
> Sent:         Friday, August 1, 2003 11:00 AM
> To:   [ExchangeList]
> Subject:      [exchangelist] RE: OT URGENT: Possible virus attach in zip
> attachments.
> 
> http://www.MSExchange.org/
> 
> >From the support list for the virus software I use:
> 
> These do look very suspicious.  It appears as though they are malformed 
> viruses -- specifically, the m e s s a g e . z i p file contains a file 
> message.htm.  The message.htm file appears to start with MIME headers, 
> followed by a file "foo.exe" that appears to connect to the Internet, and 
> HTML JavaScript code that includes a function "malware()".  Although we 
> can't confirm that it is a virus, it would appear that it is almost 
> certainly either a virus or some other type of malware.
> 
> John Tolmachoff MCSE CSSA
> Engineer/Consultant
> eServices For You
> www.eservicesforyou.com
> 
> 
> > -----Original Message-----
> > From: Mike Dufoe [mailto:dufoem@xxxxxxxxxxx]
> > Sent: Friday, August 01, 2003 10:55 AM
> > To: [ExchangeList]
> > Subject: [exchangelist] RE: OT URGENT: Possible virus attach in zip
> attachments.
> > 
> > http://www.MSExchange.org/
> > 
> > John, do you have anymore info than this?
> > 
> > 
> > 
> > -----Original Message-----
> > From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
> > Sent: Friday, August 01, 2003 1:43 PM
> > To: [ExchangeList]
> > Subject: [exchangelist] OT URGENT: Possible virus attach in zip
> attachments.
> > Importance: High
> > 
> > http://www.MSExchange.org/
> > 
> > WARNING, there is a rapidly spreading possible maleware virus spreading.
> > 
> > The subject line is y o u r  a c c o u n t without the spaces.
> > The attachment is m e s s a g e . z I p without the spaces.
> > 
> > This is real. I have already caught many of these in the last 1/2 hour.
> > 
> > 
> > John Tolmachoff MCSE CSSA
> > Engineer/Consultant
> > eServices For You
> > www.eservicesforyou.com
> > 
> > 
> > 
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > Leading Network Software Directory: http://www.serverfiles.com
> > No.1 ISA Server Resource Site: http://www.isaserver.org
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Network Security Library: http://www.secinf.net/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this MSExchange.org Discussion List as:
> > dufoem@xxxxxxxxxxx
> > To unsubscribe send a blank email to leave-exchangelist-
> > 1440469J@xxxxxxxxxxxxx
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > Leading Network Software Directory: http://www.serverfiles.com
> > No.1 ISA Server Resource Site: http://www.isaserver.org
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Network Security Library: http://www.secinf.net/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this MSExchange.org Discussion List as:
> > johnlist@xxxxxxxxxxxxxxxxxxx
> > To unsubscribe send a blank email to leave-exchangelist-
> > 1440469J@xxxxxxxxxxxxx
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSExchange.org Discussion List as:
> rliebsch@xxxxxxxxxxxxxxxxxx
> To unsubscribe send a blank email to
> $subst('Email.Unsub')
> 
> 

Other related posts: