lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
From: Bojan.Zdrnja at LSS.hr (Bojan Zdrnja)
Subject: Fwd: YOUR PAYPAL.COM ACCOUNT EXPIRES

 

> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com 
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of 
> Larry Hand
> Sent: Saturday, 15 November 2003 8:38 a.m.
> To: full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] Fwd: YOUR PAYPAL.COM ACCOUNT EXPIRES
> 
> On Thursday 13 November 2003 04:43 pm, Larry Hand wrote:
> > Anyone else seeing this? It comes with an attachment Paypal.asp.scr. 
> > Anyone know what it is? It sure looks suspicious.
> 
> And a bunch of people answered! Thanks to you all.
> 
> Thanks for the links. I expect it's that MiMail trojan. It's rare that a 
> virus gets through the filters here. Apparently it's a new variant which 
> slipped in before the newest AV signature updates were installed. Since
NAI 
> didn't find out about it until today, I guess that's reasonable :-)

That is why you should implement content blocking at your e-mail server.
There is absolutely no reason to allow .scr files to go around. If you had
this blocked, it would stop MiMail-I without AV updates.
Also, note that this attachment has double extension, which should also be
automatically blocked.

You can check unsafe extensions list at Microsoft's Web site:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;262631


Regards,

Bojan Zdrnja
CISSP


Powered by blists - more mailing lists