RE: OT URGENT: Possible virus attach in zip attachments

  • From: "Paul Nuernberger" <pen@xxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Sat, 2 Aug 2003 10:12:58 -0500

Like another poster already said - it is *very* likely you have something
lurking on your computer (spyware, hostile redirector, etc.)

Try using this tool - Spybot Search & Destroy <http://security.kolla.de>.
It is free, and the only "pay for" anti-spyware/malware program better than
Spybot is Pest Patrol.

I'm sure you'll be amazed at what it turns up.

Paul Nuernberger

-----Original Message-----
From: cismic [mailto:cismic@xxxxxxx] 
Sent: Friday, August 01, 2003 3:29 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OT URGENT: Possible virus attach in zip attachments


http://www.ISAserver.org


Hi Folks,

What I've seen is really strange.  I don't surf with active scripting on at
all. However, I've discovered a trick that it seems folks using JAVA have
figured out, that I'm trying to track down.

What it does is no matter what java page you go to, the same popup window opens
up. I look at the source of the web page to see if they are using JAVA. I've
not been able to find the true cause of all this!! And that is the scary
part.

So, if anyone has an idea of this and has logged anything of this nature,
please let me know.

Thank you,

Joseph

-----Original Message-----
From: Mark Hippenstiel [mailto:M.Hippenstiel@xxxxxxxxxxxx] 
Sent: Friday, August 01, 2003 12:05 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OT URGENT: Possible virus attach in zip attachments



Funny enough, none of my setups was affected by these viruses. And I'd bet
the new W32/Mimail@MM won't pass my security measures either. 

I'm more worried about the RPC issue in general, what with the millions of
people using dial-up connections and not sitting behind an ISA box.

As a result, in firewalled networks the immediate threat is medium if any.
Nevertheless the machines leaving the network on a regular basis (i.e.
laptops) need immediate attention.



-----Original Message-----
From: Rogers, Brian [mailto:RogersB@xxxxxxxxxxxxxx] 
Sent: Friday, August 01, 2003 8:51 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OT URGENT: Possible virus attach in zip attachments



And if you didn't learn your lesson after Code Red and Nimda...then you
deserve what this new virus does to each and every one of your systems
:)


-----Original Message----- 
From: Mark Hippenstiel [mailto:M.Hippenstiel@xxxxxxxxxxxx] 
Sent: Friday, August 01, 2003 2:48 PM 
To: [ISAserver.org Discussion List] 
Subject: [isalist] RE: OT URGENT: Possible virus attach in zip attachments 


Hum, good point :-) But if I remember correctly, Code Red exploited an 
IIS specific vulnerability which was not addressed by WU, right? 


> -----Original Message-----
> From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
> Sent: Friday, August 01, 2003 8:41 PM 
> To: [ISAserver.org Discussion List] 
> Subject: [isalist] RE: OT URGENT: Possible virus attach in 
> zip attachments 
> 
> 
> 
> > However, according to the information Symantec supplies, the specific
> > vulnerability has already been detected in March or May and should
> > have been patched by WU by now.
> 
> True. The vulnerability was detected some time ago. This virus came 
> out this morning.
> 
> The vulnerability that Code Red used was found 9 months before it came 
> out and not only were there patches for it, but it was also fixed in a 
> service pack. How many servers was it that were affected by Code Red?
> 
> John Tolmachoff MCSE CSSA
> Engineer/Consultant
> eServices For You 
> www.eservicesforyou.com 
> 
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ 
> ------------------------------------------------------ 
> Other Internet Software Marketing Sites: 
> Leading Network Software Directory: 
> http://www.serverfiles.com No.1 Exchange > Server Resource 
> Site: http://www.msexchange.org Windows Security Resource 
> Site: http://www.windowsecurity.com/ Network Security 
> Library: http://www.secinf.net/ Windows 2000/NT Fax 
> Solutions: http://www.ntfaxfaq.com 
> ------------------------------------------------------ 
> You are currently subscribed to this ISAserver.org Discussion 
> List as: m.hippenstiel@xxxxxxxxxxxx To unsubscribe send a 
> blank email to $subst('Email.Unsub') 
> 