RE: W32Netsky-B
- From: "Steve Moffat" <steve@xxxxxxxxxx>
- To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
- Date: Wed, 13 Jul 2005 15:03:30 -0300
But do you block users access to webmail??
Outlook can connect and download from webmail accounts.
S
-----Original Message-----
From: Sian Clarke [mailto:Sian.Clarke@xxxxxxxxxxxxxxxxxxx]
Sent: Wednesday, July 13, 2005 11:11 AM
To: [ExchangeList]
Cc: [ExchangeList]
Subject: [exchangelist] RE: W32Netsky-B
http://www.MSExchange.org/
Hi Kenny,
Thanks for your reply. Fortunately, or unfortunately depending on your
thinking, we don't offer any such services at the moment.
Sian :o)
-----Original Message-----
From: Kenny Mann [mailto:nazadus@xxxxxxxxxxxxx]
Sent: 13 July 2005 14:52
To: [ExchangeList]
Subject: [exchangelist] RE: W32Netsky-B
http://www.MSExchange.org/
Webmail or IMAP, perhaps?
Check the mail headers for the IP sending it.
Kenny
> -----Original Message-----
> From: Sian Clarke [mailto:Sian.Clarke@xxxxxxxxxxxxxxxxxxx]
> Sent: Wednesday, July 13, 2005 8:49 AM
> To: [ExchangeList]
> Cc: [ExchangeList]
> Subject: [exchangelist] RE: W32Netsky-B
>
> http://www.MSExchange.org/
>
> Hi Again Spence,
>
>
> I share your pain in the heat :o( Alas, still no go with POP3,
> although thanks for your reply! We block POP3 traffic at firewall
> level. Any other suggestions?
>
>
> Many thanks for your time,
> Sian.
>
> -----Original Message-----
> From: Spencer Read (Nemesis) [mailto:ser@xxxxxxxxxxxxx]
> Sent: 13 July 2005 14:29
> To: [ExchangeList]
> Subject: [exchangelist] RE: W32Netsky-B
>
> http://www.MSExchange.org/
>
> With regards to the pop3 accounts - I didn't explain myself very well
> (it is very hot here!)
>
> Outlook on my PC has 2 accounts
> 1 setup to look at the exchange server internally.
> 1 setup to download mail from our other company's pop3 server
> (external to my network) and store them in the exchange system, not a
> PST.
>
> I have had bad mail delivered from the pop3 account into the exchange
> server store and the desktop AV has caught it - this is definitely due
> to the external mailserver not having AV and anti-spam software!
> I'm guessing that this is a very bad setup (waiting for the
> comments!), but I like my mail in 1 place and that's the exchange
> server!
>
> Now I think about this, the user might need local admin priviledges to
> do that - I have domain admin so I can cause havoc!
>
> .....Spence
>
> -----Original Message-----
> From: Sian Clarke [mailto:Sian.Clarke@xxxxxxxxxxxxxxxxxxx]
> Sent: 13 July 2005 14:07
> To: Spencer Read (Nemesis)
> Cc: [ExchangeList]
> Subject: RE: [exchangelist] RE: W32Netsky-B
>
> Hi Spence
>
> Thanks for your reply. No, we don't have any POP3 connectors running,
> and no, we have no VPN access! Any other ideas?!
>
> Thanks for your time :o)
>
>
> Sian.
>
> -----Original Message-----
> From: Spencer Read (Nemesis) [mailto:ser@xxxxxxxxxxxxx]
> Sent: 13 July 2005 14:05
> To: [ExchangeList]
> Subject: [exchangelist] RE: W32Netsky-B
>
> http://www.MSExchange.org/
>
> Any home PCs/Laptops that VPN into the network?
> Any users that get mail from other pop3 accounts and store the
> messages on the exchange server?
>
> ...Spence
>
> ________________________________
>
> From: Sian Clarke [mailto:Sian.Clarke@xxxxxxxxxxxxxxxxxxx]
> Sent: 13 July 2005 13:13
> To: [ExchangeList]
> Subject: [exchangelist] W32Netsky-B
>
>
> http://www.MSExchange.org/
>
>
> People,
>
>
>
> I'm being alerted to W32/Netsky-B worms trying to run in my domain.
> My workstation level AV is stopping the virus from running so it's not
> yet a terrible problem. However I'd like to know how these messages
> got in.
> We've SMTP AV scanning at our gateway, and no sign of the message
> passing through. However the message is residing in the Inbox/
> Deleted Items of users mailboxes, with evidence of the unzipped file
> in Outlook's temporary area. I know this worm will spoof the address
> of the sender, but surely I should still this spoofed 'From' address
> in my gateway SMTP logs?
>
>
>
> If anyone can explain how this may be getting in, I'd be extremely
> grateful.
>
>
>
>
>
> Many Thanks,
>
> Sian.
>
>
>
>
>
>
> --
>
>
>
>
>
> <http://www.nelondon.nhs.uk/images/nhs.gif> Backs the Bid Newham
> University Hospital NHS Trust Backs the Bid:
> Please add your support for the 2012 Olympic and Paralympic Games at
> www.london2012.com <http://www.london2012.com/>
>
>
>
>
>
>
> --------------------------------------------------------------
> ----------
> -----------------
> The Information contained in this message is confidential and is
> intended for the addressee only. If you have received this message in
> error or there are any problems please notify the originator
> immediately.
> The unauthorised use, disclosure, copying or alteration of this
> message is strictly forbidden. This mail and any attachments have been
> scanned for viruses prior to leaving the Newham University Hospital
> NHS Trust network.
> Newham University Hospital NHS Trust will not be liable for direct,
> special, indirect or consequential damages arising from alteration of
> the contents of this message by a third party or as a result of any
> virus being passed on.
> --------------------------------------------------------------
> ----------
> -------------------
> ------------------------------------------------------
> List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com Leading
> Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org Windows
> Security Resource Site:
> http://www.windowsecurity.com/ Network Security Library:
> http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org Discussion List
> as:
> ser@xxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to listadmin@xxxxxxxxxxxxxx
>
>
> ------------------------------------------------------
> List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com Leading
> Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org Windows
> Security Resource Site:
> http://www.windowsecurity.com/ Network Security Library:
> http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org Discussion List
> as:
> sian.clarke@xxxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to listadmin@xxxxxxxxxxxxxx
>
> --
> -------------------------------------------------------------------
> This message has been inspected by DynaComm i:mail
> --------------------------------------------------------------
> ---------
>
>
>
>
> --
> NHS Backs the Bid
> Newham University Hospital NHS Trust Backs the Bid:
> Please add your support for the 2012 Olympic and Paralympic Games at
> www.london2012.com
> --------------------------------------------------------------
> ----------
> -----------------
> The Information contained in this message is confidential and is
> intended for the addressee only. If you have received this message in
> error or there are any problems please notify the originator
> immediately.
> The unauthorised use, disclosure, copying or alteration of this
> message is strictly forbidden. This mail and any attachments have been
> scanned for viruses prior to leaving the Newham University Hospital
> NHS Trust network.
> Newham University Hospital NHS Trust will not be liable for direct,
> special, indirect or consequential damages arising from alteration of
> the contents of this message by a third party or as a result of any
> virus being passed on.
> --------------------------------------------------------------
> ----------
> -------------------
>
>
>
> ------------------------------------------------------
> List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com Leading
> Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org Windows
> Security Resource Site: http://www.windowsecurity.com/ Network
> Security Library: http://www.secinf.net/ Windows 2000/NT Fax
> Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org Discussion List
> as:
> sian.clarke@xxxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to listadmin@xxxxxxxxxxxxxx
>
> --
> -------------------------------------------------------------------
> This message has been inspected by DynaComm i:mail
> --------------------------------------------------------------
> ---------
>
>
>
>
> --
> NHS Backs the Bid
> Newham University Hospital NHS Trust Backs the Bid:
> Please add your support for the 2012 Olympic and Paralympic Games at
> www.london2012.com
> --------------------------------------------------------------
> ---------------------------
> The Information contained in this message is confidential and is
> intended for the addressee only. If you have received this message in
> error or there are any problems please notify the originator
> immediately.
> The unauthorised use, disclosure, copying or alteration of this
> message is strictly forbidden. This mail and any attachments have been
> scanned for viruses prior to leaving the Newham University Hospital
> NHS Trust network.
> Newham University Hospital NHS Trust will not be liable for direct,
> special, indirect or consequential damages arising from alteration of
> the contents of this message by a third party or as a result of any
> virus being passed on.
> --------------------------------------------------------------
> -----------------------------
>
>
>
> ------------------------------------------------------
> List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com Leading
> Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org Windows
> Security Resource Site: http://www.windowsecurity.com/ Network
> Security Library: http://www.secinf.net/ Windows 2000/NT Fax
> Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org Discussion List
> as: nazadus@xxxxxxxxxxxxx To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to listadmin@xxxxxxxxxxxxxx
>
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
sian.clarke@xxxxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx
--
-------------------------------------------------------------------
This message has been inspected by DynaComm i:mail
-----------------------------------------------------------------------
--
NHS Backs the Bid
Newham University Hospital NHS Trust Backs the Bid:
Please add your support for the 2012 Olympic and Paralympic Games at
www.london2012.com
------------------------------------------------------------------------
-----------------
The Information contained in this message is confidential and is
intended for the addressee only. If you have received this message in
error or there are any problems please notify the originator
immediately.
The unauthorised use, disclosure, copying or alteration of this message
is strictly forbidden. This mail and any attachments have been scanned
for viruses prior to leaving the Newham University Hospital NHS Trust
network.
Newham University Hospital NHS Trust will not be liable for direct,
special,
indirect or consequential damages arising from alteration of the
contents
of this message by a third party or as a result of any virus being
passed on.
------------------------------------------------------------------------
-------------------
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
ExchangeMailingList@xxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx
The correct technical term for haggis stalking is "havering".
Other related posts:
