[TriLUG] Re: [lug] N00b: Security Warning Fun

Turnpike Man turnpike420 at yahoo.com
Tue Aug 19 15:31:07 EDT 2003


Our CEO today got 50+ emails right smack on top of each other... all with some
.xls (M$ Excel) attachment, no notification from virus scanner that it was a
virus, but I encourage immediate delete, not to open and find out! :)  It came
from random rr.com/aol.com and a variety of other spoofed domains.

laters,
David M.

--- Ryan Wheaton <ryan.wheaton at comcast.net> wrote:
> I've noticed an unsual high amount of spam coming through as well.  Some 
> with this subject, some with others, but all with a .pif attachment.  My 
> firewall filters out .pif's so i'm not too concerned, but it's driving my 
> users crazy (sometimes, emails come once a minute or so).  Anyone else seen 
> this or have an explanation??
> 
> -ryan
> 
> At 01:20 PM 8/19/2003 -0600, you wrote:
> >Folks, I just got a Procmail Security daemon message from uwaterloo
> >saying:
> >
> >*** SECURITY WARNING ***
> >Our email gateway has detected that your message to
> >jwwalker msgid=<200308191900.h7JJ0nA01475 at watarts.uwaterloo.ca>
> >MAY contain hazardous embedded scripting or attachments, or has been
> >rejected by our site security policy for some other reason. If you have
> >a question, please reply to this notification message.
> >
> >It goes on to say that I sent "wicked_scr.scr", which is one of the
> >Sobig.F files.  Now am I right in assuming the worm spoofed my address
> >and sent this out?  I never use mail on Windows, so I'm pretty sure *I*
> >didn't send it, but I've never gotten one of these warnings before.
> >
> >Sorry for a dumb question, but as I said, this is new to me.
> >
> >Matt
> >
> >--
> >"And isn't sanity really just a one-trick pony, anyway?  I mean,
> >all you get is one trick, rational thinking, but when you're good
> >and crazy, ooh ooh ooh, the sky's the limit!" -- The Tick
> >   The Matt -- http://ucsub.colorado.edu/~thompsma/
> 
> -- 
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc


__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com



More information about the TriLUG mailing list