[TriLUG] [OT] Sys admin heads up
Chris Knowles
chrisk at trilug.org
Tue Mar 11 14:53:36 EST 2003
Huh, and here I always thought the MS patches *were* worms.
CJK
On Tue, 2003-03-11 at 14:43, Jim Ray wrote:
> shoot. now i've really screwed up. i thought i had installed a patch from microsoft for my linux machine when it was really a worm!
>
> -----Original Message-----
> From: Mike M [mailto:linux-support at earthlink.net]
> Sent: Tue 3/11/2003 2:43 PM
> To: trilug at trilug.org
> Cc:
> Subject: Re: [TriLUG] [OT] Sys admin heads up
>
>
>
> And then this came in...
>
> To everyone who got this mail... I need not say it, but NEVER run any
> executables mailed to you... this one contains an unknown virus...
>
> /tmp/q113407.exe
> Found virus or variant New Worm !!!
> Please send a copy of the file to Network Associates
> The file has been renamed.
>
>
> And to the person sending this... I will file an abuse report with your
> provider... And you're not to smart to put everyone in the CC list, so I
> can send the same list of people a warning :)
>
> Idiot...
>
> --
> Mark Janssen -- maniac(at)maniac.nl -- GnuPG Key Id: 357D2178
> Unix / Linux, Open-Source and Internet Consultant @ SyConOS IT
> Maniac.nl Unix-God.Net|Org MarkJanssen.org|nl SyConOS.com|nl
>
> On Tuesday 11 March 2003 14:17, David A. Cafaro wrote:
> > Looks like a variant of this:
> >
> > http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe.b@mm.html
> >
> > But that attached file is a new name variant.
> >
> > On Tue, 2003-03-11 at 14:07, Mike M wrote:
> > > I just got an email with a subject:
> > > Check out these patch from M$ Corporation
> > >
> > > It only had an attached file called:
> > > q113407.exe
> > >
> > > Nothing Googles on the subject or the filename.
> > >
> > > Here are the headers:
> > > Status: R
> > > Return-Path: <robert.wotherspoon at sympatico.ca>
> > > Received: from tomts9-srv.bellnexxia.net ([209.226.175.53])
> > > by merlin (EarthLink SMTP Server) with SMTP id 18SOyA2gf3NZFlq0
> > > Tue, 11 Mar 2003 10:32:55 -0800 (PST)
> > > Received: from workstation5 ([64.231.209.78]) by
> > > tomts12-srv.bellnexxia.net (InterMail vM.5.01.04.19
> > > 201-253-122-122-119-20020516) with ESMTP id
> > > <20030311180052.XRSU11647.tomts12-srv.bellnexxia.net at workstation5>;
> > > Tue, 11 Mar 2003 13:00:52 -0500
> > > From: "WOTHERSPOON" <robert.wotherspoon at sympatico.ca>
> > > To:
> > > -A LONG LIST OF EMAIL ADDRESSES HERE-
> > > Subject: Check out these patch from M$ Corporation.
> > > Date: Tue, 11 Mar 2003 13:08:24 -0500
> > > Message-ID: <045e01c2e7f9$351a8a80$6a01a8c0 at bellnet.ca>
> > > MIME-Version: 1.0
> > > Content-Type: application/x-msdownload;
> > > name="q113407.exe"
> > > Content-Transfer-Encoding: base64
> > > Content-Disposition: attachment;
> > > filename="q113407.exe"
> > > X-Priority: 3 (Normal)
> > > X-MSMail-Priority: Normal
> > > X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
> > > Importance: Normal
> > > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
> > > X-Status: N
> > > --
> > > Mike M.
> > > _______________________________________________
> > > TriLUG mailing list
> > > http://www.trilug.org/mailman/listinfo/trilug
> > > TriLUG Organizational FAQ:
> > > http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
> >
> > _______________________________________________
> > TriLUG mailing list
> > http://www.trilug.org/mailman/listinfo/trilug
> > TriLUG Organizational FAQ:
> > http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
>
> --
> Mike M.
> _______________________________________________
> TriLUG mailing list
> http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ:
> http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
>
>
--
Chris Knowles <chrisk at trilug.org>
More information about the TriLUG
mailing list