RE: virus from "tshinder"

  • From: "Greg Foulks" <greg.foulks@xxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 18 Apr 2002 12:45:42 -0400

Same here. After repeated requests to service providers to help with locating 
spammers/hackers/scanners.... I've just flat blocked
the networks from access to our entirely.

Greg Foulks, MCP
NewFound Technologies, Inc.
http://www.nfti.com
Email: greg.foulks@xxxxxxxx
Voice: 614.318.5036
Fax: 614.318.5005


-----Original Message-----
From: Dan Bartley [mailto:dan@xxxxxxxxxxxxxxx]
Sent: Thursday, April 18, 2002 12:33 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: virus from "tshinder"


http://www.ISAserver.org


I blocked several ISPs in Korea due to repeated scans and other hack attempts. 
Despite repeated complaints to the providers, and
seemingly cooperative responses, the same source IPs kept popping up. I've not 
lost anything important as a result. There seems to
be very little legitimate activity coming from that part of the globe, in my 
realm anyway.

Dan Bartley, MCSE+Internet
dan@xxxxxxxxxxxxxxx


-----Original Message-----
From: Thomas W. Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Thursday, April 18, 2002 12:21
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: virus from "tshinder"

http://www.ISAserver.org


Hi John,

Thanks for the info. Which reminds me, there's been a lot of talk in the
press about blocking the Pacific rim net blocks because of viruses and
spam. I haven't implemented this at any of our locations yet, but I'm
wondering if anyone here has done this in their own company?

Thanks!

Tom
www.isaserver.org/shinder


-----Original Message-----
From: John Tolmachoff [mailto:jtolmachoff@xxxxxxxxxxxxxxxx]
Sent: Thursday, April 18, 2002 11:12 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: virus from "tshinder"

http://www.ISAserver.org


And Tom is such a great guy.

Who would do a thing like that?

Of course, we could look at the headers and file a complaint.

Ah, 202.157.155.35 is in Singapore.

75% of the virus notices that I receive are from infected e-mail from
that part of the world.

John Tolmachoff
IT Manager, Network Engineer
211 E. Imperial Hwy., Suite 106
Fullerton, CA  92835
714-578-7999, ext. 104
jtolmachoff@xxxxxxxxxxxxxxxx
www.reliancesoft.com
 


-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Thursday, April 18, 2002 9:02 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] virus from "tshinder"

http://www.ISAserver.org


Hi folks,

    If you get a mail from "tshinder" with a heading of "this
configuration
can get" on it, drop it like the hot potato it is.
    Don't open it, don't preview it, nada.

    It's a HTML MIME.exploit/IFrame virus and WAS NOT sent by Tom.  The
one
I received came from:

    cebitasia@xxxxxxxxxxxx

--
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!




------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jtolmachoff@xxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
dan@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
greg.foulks@xxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



Other related posts: