RE: W32Netsky-B

  • From: "Steve Moffat" <steve@xxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Wed, 13 Jul 2005 09:38:09 -0300

Is anyone using pop 3 accounts within your network?
 
S

________________________________

From: Sian Clarke [mailto:Sian.Clarke@xxxxxxxxxxxxxxxxxxx] 
Sent: Wednesday, July 13, 2005 9:13 AM
To: [ExchangeList]
Subject: [exchangelist] W32Netsky-B


http://www.MSExchange.org/


People,

 

I'm being alerted to W32/Netsky-B worms trying to run in my domain.  My
workstation level AV is stopping the virus from running so it's not yet
a terrible problem.  However I'd like to know how these messages got in.
We've SMTP AV scanning at our gateway, and no sign of the message
passing through.  However the message is residing in the Inbox/ Deleted
Items of users mailboxes, with evidence of the unzipped file in
Outlook's temporary area.  I know this worm will spoof the address of
the sender, but surely I should still this spoofed 'From' address in my
gateway SMTP logs?

 

If anyone can explain how this may be getting in, I'd be extremely
grateful.

 

 

Many Thanks,

Sian.

 

 


-- 

 

 

 <http://www.nelondon.nhs.uk/images/nhs.gif> Backs the Bid
Newham University Hospital NHS Trust Backs the Bid:
Please add your support for the 2012 Olympic and Paralympic Games at
www.london2012.com <http://www.london2012.com/> 

 




------------------------------------------------------------------------
----------------- 
The Information contained in this message is confidential and is 
intended for the addressee only. If you have received this message in 
error or there are any problems please notify the originator
immediately. 
The unauthorised use, disclosure, copying or alteration of this message 
is strictly forbidden. This mail and any attachments have been scanned 
for viruses prior to leaving the Newham University Hospital NHS Trust
network. 
Newham University Hospital NHS Trust will not be liable for direct,
special, 
indirect or consequential damages arising from alteration of the
contents 
of this message by a third party or as a result of any virus being
passed on. 
------------------------------------------------------------------------
------------------- 
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
ExchangeMailingList@xxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx 


The correct technical term for haggis stalking is "havering". 

Other related posts: