RE: W32Netsky-B

  • From: "Kenny Mann" <nazadus@xxxxxxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Wed, 13 Jul 2005 08:52:14 -0500

Webmail or IMAP, perhaps?
Check the mail headers for the IP sending it.

Kenny 

> -----Original Message-----
> From: Sian Clarke [mailto:Sian.Clarke@xxxxxxxxxxxxxxxxxxx] 
> Sent: Wednesday, July 13, 2005 8:49 AM
> To: [ExchangeList]
> Cc: [ExchangeList]
> Subject: [exchangelist] RE: W32Netsky-B
> 
> http://www.MSExchange.org/
> 
> Hi Again Spence,
> 
> 
> I share your pain in the heat :o(  Alas, still no go with 
> POP3, although thanks for your reply!  We block POP3 traffic 
> at firewall level.  Any other suggestions?
> 
> 
> Many thanks for your time,
> Sian.
> 
> -----Original Message-----
> From: Spencer Read (Nemesis) [mailto:ser@xxxxxxxxxxxxx]
> Sent: 13 July 2005 14:29
> To: [ExchangeList]
> Subject: [exchangelist] RE: W32Netsky-B
> 
> With regards to the pop3 accounts - I didn't explain myself 
> very well (it is very hot here!)
> 
> Outlook on my PC has 2 accounts
> 1 setup to look at the exchange server internally.
> 1 setup to download mail from our other company's pop3 server 
> (external to my network) and store them in the exchange 
> system, not a PST.
> 
> I have had bad mail delivered from the pop3 account into the 
> exchange server store and the desktop AV has caught it - this 
> is definitely due to the external mailserver not having AV 
> and anti-spam software!
> I'm guessing that this is a very bad setup (waiting for the 
> comments!), but I like my mail in 1 place and that's the 
> exchange server!
> 
> Now I think about this, the user might need local admin 
> privileges to do that - I have domain admin so I can cause havoc! 
> 
> .....Spence
> 
> -----Original Message-----
> From: Sian Clarke [mailto:Sian.Clarke@xxxxxxxxxxxxxxxxxxx]
> Sent: 13 July 2005 14:07
> To: Spencer Read (Nemesis)
> Cc: [ExchangeList]
> Subject: RE: [exchangelist] RE: W32Netsky-B
> 
> Hi Spence
> 
> Thanks for your reply.  No, we don't have any POP3 connectors 
> running, and no, we have no VPN access!  Any other ideas?!
> 
> Thanks for your time :o)
> 
> 
> Sian.
> 
> -----Original Message-----
> From: Spencer Read (Nemesis) [mailto:ser@xxxxxxxxxxxxx]
> Sent: 13 July 2005 14:05
> To: [ExchangeList]
> Subject: [exchangelist] RE: W32Netsky-B
> 
> Any home PCs/Laptops that VPN into the network?
> Any users that get mail from other pop3 accounts and store 
> the messages on the exchange server?
>  
> ...Spence
> 
> ________________________________
> 
> From: Sian Clarke [mailto:Sian.Clarke@xxxxxxxxxxxxxxxxxxx]
> Sent: 13 July 2005 13:13
> To: [ExchangeList]
> Subject: [exchangelist] W32Netsky-B
> 
> People,
> 
>  
> 
> I'm being alerted to W32/Netsky-B worms trying to run in my 
> domain.  My workstation level AV is stopping the virus from 
> running so it's not yet a terrible problem.  However I'd like 
> to know how these messages got in.
> We've SMTP AV scanning at our gateway, and no sign of the 
> message passing through.  However the message is residing in 
> the Inbox/ Deleted Items of users mailboxes, with evidence of 
> the unzipped file in Outlook's temporary area.  I know this 
> worm will spoof the address of the sender, but surely I 
> should still see this spoofed 'From' address in my gateway SMTP logs?
> 
>  
> 
> If anyone can explain how this may be getting in, I'd be 
> extremely grateful.
> 
>  
> 
>  
> 
> Many Thanks,
> 
> Sian.
> 
>  
> 
>  
> 
> 
> -- 
> 
>  
> 
>  
> 
>  <http://www.nelondon.nhs.uk/images/nhs.gif> Backs the Bid 
> Newham University Hospital NHS Trust Backs the Bid:
> Please add your support for the 2012 Olympic and Paralympic 
> Games at www.london2012.com <http://www.london2012.com/> 
> 
>  
> 
> 
> 
> 
> --------------------------------------------------------------
> ----------
> -----------------
> The Information contained in this message is confidential and 
> is intended for the addressee only. If you have received this 
> message in error or there are any problems please notify the 
> originator immediately. 
> The unauthorised use, disclosure, copying or alteration of 
> this message is strictly forbidden. This mail and any 
> attachments have been scanned for viruses prior to leaving 
> the Newham University Hospital NHS Trust network. 
> Newham University Hospital NHS Trust will not be liable for 
> direct, special, indirect or consequential damages arising 
> from alteration of the contents of this message by a third 
> party or as a result of any virus being passed on. 
> --------------------------------------------------------------
> ----------
> -------------------
> ------------------------------------------------------
> List Archives: 
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com 
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org 
> Windows Security Resource Site: 
> http://www.windowsecurity.com/ Network Security Library: 
> http://www.secinf.net/ Windows 2000/NT Fax Solutions: 
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org 
> Discussion List as:
> ser@xxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to listadmin@xxxxxxxxxxxxxx 
> 
> 
> --
> -------------------------------------------------------------------
> This message has been inspected by DynaComm i:mail
> --------------------------------------------------------------
> ---------
> 
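
Kenny's suggestion at the top of this message (check the mail headers for the sending IP) can be applied to headers copied out of an affected message, as in this added example, which is not part of the original posts. The host names, addresses and the `hops`/`trace` helpers are constructed for illustration; `gw.example.org` stands in for the SMTP gateway.

```python
import email
import ipaddress
import re

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+([^\s;()]+)", re.I)

# Constructed samples (hosts and addresses are made up, not from the thread).
VIA_GATEWAY = """\
Received: from gw.example.org ([192.0.2.10]) by exch01.internal.example
 with ESMTP; Wed, 13 Jul 2005 12:01:05 +0100
Received: from pc ([203.0.113.77]) by gw.example.org
 with SMTP; Wed, 13 Jul 2005 12:01:02 +0100
Subject: constructed sample
"""
BYPASSED = """\
Received: from pc ([203.0.113.77]) by pop.other.example
 with SMTP; Wed, 13 Jul 2005 12:01:02 +0100
Subject: constructed sample
"""

def hops(raw_headers):
    """Return [(from_ip or None, by_host or None)], newest hop first."""
    out = []
    msg = email.message_from_string(raw_headers)
    for value in msg.get_all("Received", []):
        text = " ".join(value.split())      # unfold continuation lines
        ip, by = IP_RE.search(text), BY_RE.search(text)
        addr = None
        if ip:
            try:
                addr = str(ipaddress.ip_address(ip.group(1)))
            except ValueError:
                pass                        # bracketed text that is not an IP
        out.append((addr, by.group(1).lower() if by else None))
    return out

def trace(raw_headers, gateway_hosts):
    """Did any hop land on the SMTP gateway, and which IP appears first?"""
    chain = hops(raw_headers)
    gateways = {g.lower() for g in gateway_hosts}
    ips = [ip for ip, _ in chain if ip]
    return {
        "hop_count": len(chain),
        "passed_gateway": any(by in gateways for _, by in chain),
        # Oldest hop; lines below your own servers' hops can be forged.
        "first_sender_ip": ips[-1] if ips else None,
    }
```

If `trace(headers, ["gw.example.org"])` reports `passed_gateway` as false for a message found in a mailbox, it arrived by a path other than the SMTP gateway, which fits the webmail, IMAP or POP3 possibilities raised in the thread.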