[THIN] Re: VIRUS WARNING

  • From: "Rowlandson, John" <John.Rowlandson@xxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Tue, 20 May 2003 00:00:08 +1000

the new 4265 dat came out this morning my time (aust)

trend, sophos and mcafee were all without a pattern file for about 6-7 business hours here in aust.



John Rowlandson
Technical Support Specialist
Mallesons Stephen Jaques
Sydney
T +61 2 9296 3653
F +61 2 9296 3676
john.rowlandson@xxxxxxxxxxxxx


-----Original Message-----
From: Rob Beekmans [mailto:R.Beekmans@xxxxxxxxx]
Sent: Monday, 19 May 2003 11:48 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: VIRUS WARNING



Block *.pif attachments and you're safe to go.

Had two of them today.

With kind regards

Rob Beekmans
Technical Consultant
A-Tree Automatisering

Business Phone: +31 24 6452000
Business Fax: +31 24 6450463
Business website: http://www.a-tree.nl
Business E-mail: R.Beekmans@xxxxxxxxx

Private E-mail: RobBeekmans@xxxxxxxxxxxxx
Private website: http://joulupukki.nl


-----Original Message-----
From: abdellah [mailto:abdellah@xxxxxxxxxx]
Sent: Monday, 19 May 2003 15:34
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: VIRUS WARNING




Thank you for the warning.


-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Kenzig
Sent: Monday, May 19, 2003 3:24 PM
To: thin@xxxxxxxxxxxxx; windows2000@xxxxxxxxxxxxx; brainstem@xxxxxxxxxxxxx
Subject: [THIN] VIRUS WARNING



If you receive an email from Support@xxxxxxxxxxxxx that has an
attachment DO NOT OPEN IT! This is a virus. Delete it immediately. My
McAfee I updated yesterday is not catching this one. Watch out!
Regards, Jim Kenzig


VIRUS WARNING The Central Command(r) Emergency Virus Response Team(tm)
(EVRT(tm)) has received virus infection reports for the new Internet
Worm/Palyh.A
<http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=030518-000043>.
Due to increased customer inquiries and infection reports the EVRT is
issuing a VIRUS ALERT.

You are receiving this news letter because you are a subscriber to the
Central Command Virus News mailing list.

[ EVRT(tm) Virus Warning issued for Worm/Palyh.A
<http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=030518-000043> ]

Name: Worm/Palyh.A
<http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=030518-000043>
Alias: Win32.Palyh-A
Type: Internet Worm
Discovered: May 18, 2003
Size: 52.955KB
Platform: Microsoft Windows 9x/ME/NT/2000/XP


Description:

Worm/Palyh.A
<http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=030518-000043>
is an Internet worm that spreads through e-mail by using addresses it
collects in files with the following extensions: .dbx, .eml, .htm,
.html, .txt, and .wab.

The worm may arrive via email in the following format:

From: support@xxxxxxxxxxxxx
Subject: (it will contain one of the following)

- Your Password
- Screensaver
- Re: Movie
- Your details
- Approved (Ref: 38446-263)
- Re: Approved (Ref: 3394-65467)
- Cool screensaver
- Re: My details
- Re: My application
- Re: Movie

Attachment: (it will contain one of the following)

- movie28.pif
- application.pif
- ref-394755.pif
- approved.pif
- doc_details.pif
- your_details.pif
- screen_temp.pif
- screen_doc.pif
- password.pif

If executed, the worm copies itself in the \windows\ directory under the
filename "mscon32.exe".

So that it gets run each time a user restarts their computer, the
following registry key gets added:

- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
"System Tray"="C:\\WINDOWS\\MSCON32.EXE"

********************************************************
This Week's Sponsor - Emergent Online
EOL's Universal Printer new Features include:
Network Printing, Pagestreaming, 2400 DPI.
No Client Software Required!
http://www.go-eol.com/
**********************************************************

For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
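
The "block *.pif attachments" advice from the thread, sketched as a mail-filter check. This is an added example, not part of the original posts or of any vendor's product; the function names, the example.invalid addresses and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# ".pif" is the extension named in the thread; extend the set per local policy.
BLOCKED_EXTENSIONS = {".pif"}

def is_blocked(filename, blocked=BLOCKED_EXTENSIONS):
    """True if the attachment name ends in a blocked extension."""
    # Windows drops trailing dots and spaces, so "x.pif. " still opens as a .pif
    name = filename.strip().rstrip(". ").lower()
    return any(name.endswith(ext) for ext in blocked)

def blocked_attachments(raw_message):
    """Return the names of all MIME parts in raw_message that should be blocked."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition filename= and
        # falls back to the Content-Type name= parameter
        name = part.get_filename()
        if name and is_blocked(name):
            hits.append(name)
    return hits

def build_sample(filenames):
    """Constructed test message (not a captured sample) with placeholder attachments."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "user@example.invalid"
    m["Subject"] = "Re: Movie"
    m.set_content("constructed body")
    for fn in filenames:
        m.add_attachment(b"placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=fn)
    return m.as_bytes()

if __name__ == "__main__":
    raw = build_sample(["movie28.pif", "agenda.txt", "Approved.PIF"])
    print(blocked_attachments(raw))
```

Matching on the final extension after normalisation catches upper-case and double-extension names such as `photo.jpg.pif`, while leaving `notes.pif.txt` alone.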
