RE: Weird e-mail

• From: "Hermano JS. Queiroz" <hjsqueiroz@xxxxxxxxxxxxxxxxxx>
• To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
• Date: Thu, 26 Feb 2004 14:58:27 -0500

Sorry Chris, maybe I didn't understanding your point. As University we are not 
allowing any students to have any kind of HTTP, SMTP, FTP, and other servers 
running on the dorms, of course that sometimes they aren't obedient and after a 
day or so I have to cut them off. But tell a little more about what you have 
been done, maybe will be interesting for us. How about that?

TIA,

Hermano

-----Original Message-----
From: Chris Wall [mailto:Chris.Wall@xxxxxxxxxxxxxxxxxxx]
Sent: Thursday, February 26, 2004 2:53 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Weird e-mail


http://www.MSExchange.org/

Actually, blocking SMTP on a University network (accept for University
approved e-mail systems) may be a valid solution.  You have so many students
that put their own PC's on your network...  Why would they need to have
their own SMTP service running?  Shouldn't they be using the University's
e-mail system or either a web based system?  Having their own SMTP service
running (virus or otherwise) would not make much sense...

Anyway, good luck.

Chris

-----Original Message-----
From: Hermano JS. Queiroz [mailto:hjsqueiroz@xxxxxxxxxxxxxxxxxx] 
Sent: Thursday, February 26, 2004 2:43 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Weird e-mail

http://www.MSExchange.org/

Thanks Chris, I really appreciate your thoughts on this and I'll pass this
message to him. Actually if this situation was related with us probably this
option won't be the best one for our University because we are depending on
students from everywhere.

Thanks,

Hermano

-----Original Message-----
From: Chris Wall [mailto:Chris.Wall@xxxxxxxxxxxxxxxxxxx]
Sent: Thursday, February 26, 2004 2:20 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Weird e-mail


http://www.MSExchange.org/

Hermano,

   If your organization is anything like ours it could be that a 'visitor'
or employee has brought in an infected laptop and put it on your wire.  The
virus could have started like that...  Since Netsky uses its own SMTP engine
it could have started propogating on your network that way. 

   To combat this, we have blocked all SMTP traffic at the Firewall level
(except from approved IP's) so that we can monitor SMTP traffic in the
organization and detect where it is coming from.  This worked well with us
and we were able to quarantine any infected machines with virus' that use
their own SMTP engine.

   Not sure about the .zip file size...

   Just a thought.  Anyone else have any ideas?  

Chris 

-----Original Message-----
From: Hermano JS. Queiroz [mailto:hjsqueiroz@xxxxxxxxxxxxxxxxxx]
Sent: Thursday, February 26, 2004 2:09 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Weird e-mail

http://www.MSExchange.org/

I got message from this guy in my other discuss list and I tought we need to
know about it.

Hermano

---------------------------------------------------------------------------

Hi All

Something weird has been happening the last three days. We have been getting
mails that look like the NetSky virus (smae text and attachments), to a
certain mailboxs, but the weird thing is that the .zip attachment is 78
Bytes, the actual virus .zip file is 22,016 bytes. Another things is our
Mailsweeper is set to block all .zip files but this one is getting through.
I did a test and sent a mail with a normal .zip attachment to this mail box
and it got blocked. Has anyone seen this or have any ideas on what its all
about?

Thanks in advance.

Sean
----------------------------------------------------------------------------
-----
 ------------------------------------------------------
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------

Other related posts:

• » RE: Weird e-mail
• » RE: Weird e-mail
• » RE: Weird e-mail
• » RE: Weird e-mail
• » RE: Weird e-mail
• » RE: Weird e-mail

1. Home
2. exchangelist
3. Archive
4. 02-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---