Simon G. Nelson
2004-03-23 19:43:56 UTC
Dan,
I believe it's the netsky.p virus, we've received about 25 of these here today.
http://securityresponse.symantec.com/avcenter/venc/data/***@mm.html
Our simple 'no executable' rule has been removing the attachments. The link, as far as I can tell, does nothing at all with the attachment removed.
Simon Nelson, Sr. Systems Administrator/Database Analyst
ROI Solutions, Inc.
Medford, MA
-----Original Message-----
From: Dan Denton [mailto:***@PAYLESSOFFICE.com]
Sent: Tuesday, March 23, 2004 11:26 AM
To: focus-***@securityfocus.com
Subject: New virus?
I've gotten 2 of these messages today so far with the subject line "Mail
Delivery (failure ***@paylessoffice.com)"
The emails contain a message body saying:
If the message will not displayed automatically,
follow the link to read the delivered message.
Received message is available at: (I've removed the link)
The link points to our web address and is followed by what looks like
the path to an exchange inbox. It is then followed by a read.php?
extension and a session ID. What clued me in was the exchange inbox path
on our webserver, which is UNIX, and not running any webmail utility.
Anyone seen these?
Dan Denton
IT Manager, CCNA
Pay-LESS Office Products
---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security
Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.
Download your free trial at
http://www.securityfocus.com/sponsor/Astaro_focus-virus_040301
----------------------------------------------------------------------------
---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security
Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.
Download your free trial at
http://www.securityfocus.com/sponsor/Astaro_focus-virus_040301
----------------------------------------------------------------------------
I believe it's the netsky.p virus, we've received about 25 of these here today.
http://securityresponse.symantec.com/avcenter/venc/data/***@mm.html
Our simple 'no executable' rule has been removing the attachments. The link, as far as I can tell, does nothing at all with the attachment removed.
Simon Nelson, Sr. Systems Administrator/Database Analyst
ROI Solutions, Inc.
Medford, MA
-----Original Message-----
From: Dan Denton [mailto:***@PAYLESSOFFICE.com]
Sent: Tuesday, March 23, 2004 11:26 AM
To: focus-***@securityfocus.com
Subject: New virus?
I've gotten 2 of these messages today so far with the subject line "Mail
Delivery (failure ***@paylessoffice.com)"
The emails contain a message body saying:
If the message will not displayed automatically,
follow the link to read the delivered message.
Received message is available at: (I've removed the link)
The link points to our web address and is followed by what looks like
the path to an exchange inbox. It is then followed by a read.php?
extension and a session ID. What clued me in was the exchange inbox path
on our webserver, which is UNIX, and not running any webmail utility.
Anyone seen these?
Dan Denton
IT Manager, CCNA
Pay-LESS Office Products
---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security
Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.
Download your free trial at
http://www.securityfocus.com/sponsor/Astaro_focus-virus_040301
----------------------------------------------------------------------------
---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security
Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.
Download your free trial at
http://www.securityfocus.com/sponsor/Astaro_focus-virus_040301
----------------------------------------------------------------------------