RE: Weird e-mail

  • From: Chris Wall <Chris.Wall@xxxxxxxxxxxxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Thu, 26 Feb 2004 14:20:18 -0500

Hermano,

   If your organization is anything like ours it could be that a 'visitor'
or employee has brought in an infected laptop and put it on your wire.  The
virus could have started like that...  Since Netsky uses its own SMTP engine
it could have started propogating on your network that way. 

   To combat this, we have blocked all SMTP traffic at the Firewall level
(except from approved IP's) so that we can monitor SMTP traffic in the
organization and detect where it is coming from.  This worked well with us
and we were able to quarantine any infected machines with virus' that use
their own SMTP engine.

   Not sure about the .zip file size...

   Just a thought.  Anyone else have any ideas?  

Chris 

-----Original Message-----
From: Hermano JS. Queiroz [mailto:hjsqueiroz@xxxxxxxxxxxxxxxxxx] 
Sent: Thursday, February 26, 2004 2:09 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Weird e-mail

http://www.MSExchange.org/

I got message from this guy in my other discuss list and I tought we need to
know about it.

Hermano

---------------------------------------------------------------------------

Hi All

Something weird has been happening the last three days. We have been getting
mails that look like the NetSky virus (smae text and attachments), to a
certain mailboxs, but the weird thing is that the .zip attachment is 78
Bytes, the actual virus .zip file is 22,016 bytes. Another things is our
Mailsweeper is set to block all .zip files but this one is getting through.
I did a test and sent a mail with a normal .zip attachment to this mail box
and it got blocked. Has anyone seen this or have any ideas on what its all
about?

Thanks in advance.

Sean
----------------------------------------------------------------------------
-----
 ------------------------------------------------------
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------

Other related posts:

  1. Home
  2. exchangelist
  3. Archive
  4. 02-2004