Archived posting to the Leica Users Group, 2002/01/29
[Author Prev] [Author Next] [Thread Prev] [Thread Next] [Author Index] [Topic Index] [Home] [Search]<<The thing is that all of these virus e-mails are so transparent I am surprised if anybody would be fooled by them.>> I do volunteer computer maintenence work at my church....................you wouldn't believe how dingy some of those folks are when it comes to attachements, virusi and the like. Trust me, people get fooled all the time.......................... Lea - ----- Original Message ----- From: "Steve LeHuray" <icommag@toad.net> To: <leica-users@mejac.palo-alto.ca.us> Sent: Tuesday, January 29, 2002 8:34 AM Subject: Re: [Leica] FW: Virus Heads up : > I received three posting today with this subject line. : > This is not a hoax. See below. : > : > : > Happy snaps, : > Steven Alexander : > : : Yes, I had 8 of those e-mails this morning and deleted all without opening. : The thing is that all of these virus e-mails are so transparent I am : surprised if anybody would be fooled by them. : : sl : > : > : > : > : > -----Original Message----- : > From: McHugh Robert J Contr ESC/GAR : > Sent: Tuesday, January 29, 2002 8:31 AM : > To: ESC/GA Personnel List : > Subject: Virus Heads up : > : > For your information and future email safety... : > As always, give me a call if you have questions, : > Rob : > : > NOTE: Spaces were added to file name extensions to avoid content filtering : > of this report. : > SUMMARY: A new worm known as W32/Myparty@MM has been detected in the wild. : > The Air Force has no reports of infections by this worm at any Air Force : > bases. Symantec has released the 0127 definitions. This worm will be covered : > under McAfee's DAT file 4184 but is already covered under an "extra.dat" : > file on an interim basis. : > DETAILS: This mass-mailing worm arrives in an email message containing the : > following information: : > Subject: new photos from my party! : > : > Body: Hello! : > My party... It was absolutely amazing! : > I have attached my web page with new photos! : > If you can please make color prints of my photos. Thanks! : > : > Attachment: www.myparty.yahoo.com (29,696 byte PE file) : > Running the attachment infects the local machine. The virus copies itself to : > C:\Recycled\regctrl.exe and executes that file. The users default SMTP : > server is retrieved from the registry. : > HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager : > \Accounts\00000001 : > The virus uses this SMTP server to send itself out to all addresses found in : > the Windows Address Book and addresses found within .DBX files. : > See LINKS for vendor details. : > SOLUTION: : > Update to Symantec's latest antivirus Signature, 0127, and to McAfee's : > EXTRA.DAT. See AFCERT's ftp site for EXTRA.DAT files and AFCERT web page for : > definition and/or DAT files at URLs in LINKS section below. At the : > perimeter of your network, ensure email attachments with "c o m" extensions : > are stripped at your gateway, firewall or mail server. Recommendations on : > configuring NAV Exchange, Firewall, or Gateway to block files based on file : > attachment names are listed in Symantec's document "How to block email-based : > viruses using Symantec's Virus Protection for Gateways, Firewalls, and : > Groupware", see LINKS below. : > LINKS: : > https://afcertmil.lackland.af.mil/afcert/virus/symantecknowledge.html : > https://afcertmil.lackland.af.mil/afcert/virus/symantec_soft.html : > ftp://afcert.kelly.af.mil/pub/antivirus/NAV/signatures/ : > http://vil.nai.com/vil/content/v_99332.htm : > ftp://afcert.kelly.af.mil/pub/antivirus/McAfee/Dats/extradat/ : > : > -- : > To unsubscribe, see http://mejac.palo-alto.ca.us/leica-users/unsub.html : > : : -- : To unsubscribe, see http://mejac.palo-alto.ca.us/leica-users/unsub.html : - -- To unsubscribe, see http://mejac.palo-alto.ca.us/leica-users/unsub.html