RE: Weird e-mail

  • From: Debie Allen <debie2000@xxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Thu, 26 Feb 2004 11:49:59 -0800 (PST)

Or, it could be a user with a POP3 account. That's how
it got thru our firewall, which was blocking zip
attachments to SMTP mail.

--- "Hermano JS. Queiroz"
<hjsqueiroz@xxxxxxxxxxxxxxxxxx> wrote:
> http://www.MSExchange.org/
> 
> Thanks Chris, I really appreciate your thoughts on
> this and I'll pass this message to him. Actually if
> this situation was related with us probably this
> option won't be the best one for our University
> because we are depending on students from
> everywhere.
> 
> Thanks,
> 
> Hermano
> 
> -----Original Message-----
> From: Chris Wall
> [mailto:Chris.Wall@xxxxxxxxxxxxxxxxxxx]
> Sent: Thursday, February 26, 2004 2:20 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Weird e-mail
> 
> Hermano,
> 
>    If your organization is anything like ours it
> could be that a 'visitor'
> or employee has brought in an infected laptop and
> put it on your wire.  The
> virus could have started like that...  Since Netsky
> uses its own SMTP engine
> it could have started propagating on your network
> that way. 
> 
>    To combat this, we have blocked all SMTP traffic
> at the Firewall level
> (except from approved IPs) so that we can monitor
> SMTP traffic in the
> organization and detect where it is coming from. 
> This worked well with us
> and we were able to quarantine any infected machines
> with viruses that use
> their own SMTP engine.
> 
>    Not sure about the .zip file size...
> 
>    Just a thought.  Anyone else have any ideas?  
> 
> Chris 
> 
> -----Original Message-----
> From: Hermano JS. Queiroz
> [mailto:hjsqueiroz@xxxxxxxxxxxxxxxxxx] 
> Sent: Thursday, February 26, 2004 2:09 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Weird e-mail
> 
> I got a message from this guy in my other discussion list
> and I thought we need to
> know about it.
> 
> Hermano
> 
> ---------------------------------------------------------------------------
> 
> Hi All
> 
> Something weird has been happening the last three
> days. We have been getting
> mails that look like the NetSky virus (same text and
> attachments), to a
> certain mailbox, but the weird thing is that the
> .zip attachment is 78
> bytes, the actual virus .zip file is 22,016 bytes.
> Another thing is our
> Mailsweeper is set to block all .zip files but this
> one is getting through.
> I did a test and sent a mail with a normal .zip
> attachment to this mail box
> and it got blocked. Has anyone seen this or have any
> ideas on what it's all
> about?
> 
> Thanks in advance.
> 
> Sean
> ---------------------------------------------------------------------------------
> 
> ------------------------------------------------------
> List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters:
> http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ:
> http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory:
> http://www.serverfiles.com
> No.1 ISA Server Resource Site:
> http://www.isaserver.org
> Windows Security Resource Site:
> http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------


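Added example, not part of the thread: the monitoring Chris Wall describes in the quoted message (deny outbound SMTP at the firewall except from approved IPs, then see which hosts keep trying), sketched as a check over firewall logs. The log format, the addresses, the threshold and the function name are all constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: the only hosts allowed to send SMTP out (constructed address).
APPROVED_SENDERS = {"10.0.0.25"}

# Constructed firewall log lines in a made-up key=value format.
SAMPLE_LOG = """\
2004-02-26T11:02:10 action=allow proto=tcp src=10.0.0.25 dst=192.0.2.40 dport=25
2004-02-26T11:02:11 action=deny proto=tcp src=10.0.4.17 dst=198.51.100.8 dport=25
2004-02-26T11:02:11 action=deny proto=tcp src=10.0.4.17 dst=203.0.113.5 dport=25
2004-02-26T11:02:12 action=deny proto=tcp src=10.0.4.17 dst=192.0.2.10 dport=25
2004-02-26T11:02:12 action=deny proto=tcp src=10.0.7.3 dst=192.0.2.99 dport=25
2004-02-26T11:02:13 action=deny proto=tcp src=10.0.4.17 dst=203.0.113.77 dport=25
2004-02-26T11:02:14 action=deny proto=tcp src=10.0.9.9 dst=192.0.2.80 dport=80
2004-02-26T11:07:12 action=deny proto=tcp src=10.0.7.3 dst=192.0.2.99 dport=25
"""

LINE_RE = re.compile(
    r"action=(?P<action>\w+) proto=tcp src=(?P<src>[\d.]+) "
    r"dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)"
)


def suspect_hosts(log_text, approved=APPROVED_SENDERS, min_targets=3):
    """Map each unapproved source to the distinct mail servers it was denied.

    A mail client with a stale setting retries one server; a mailer with its
    own SMTP engine fans out to many, so only sources that reached at least
    min_targets distinct destinations on port 25 are returned.
    """
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["action"] != "deny" or m["dport"] != "25":
            continue  # unparsable line, permitted traffic, or not SMTP
        if m["src"] in approved:
            continue  # approved relays are handled separately
        targets[m["src"]].add(m["dst"])
    return {src: sorted(dsts) for src, dsts in targets.items()
            if len(dsts) >= min_targets}


if __name__ == "__main__":
    for host, servers in suspect_hosts(SAMPLE_LOG).items():
        print(f"quarantine candidate {host}: {len(servers)} mail servers tried")
```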

