| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20031114231947.2667A4304A@maja.zesoi.fer.hr> From: Bojan.Zdrnja at LSS.hr (Bojan Zdrnja) Subject: Fwd: YOUR PAYPAL.COM ACCOUNT EXPIRES > -----Original Message----- > From: full-disclosure-admin@...ts.netsys.com > [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of > Larry Hand > Sent: Saturday, 15 November 2003 8:38 a.m. > To: full-disclosure@...ts.netsys.com > Subject: Re: [Full-Disclosure] Fwd: YOUR PAYPAL.COM ACCOUNT EXPIRES > > On Thursday 13 November 2003 04:43 pm, Larry Hand wrote: > > Anyone else seeing this? It comes with an attachment Paypal.asp.scr. > > Anyone know what it is? It sure looks suspicious. > > And a bunch of people answered! Thanks to you all. > > Thanks for the links. I expect it's that MiMail trojan. It's rare that a > virus gets through the filters here. Apparently it's a new variant which > slipped in before the newest AV signature updates were installed. Since NAI > didn't find out about it until today, I guess that's reasonable :-) That is why you should implement content blocking at your e-mail server. There is absolutely no reason to allow .scr files to go around. If you had this blocked, it would stop MiMail-I without AV updates. Also, note that this attachment has double extension, which should also be automatically blocked. You can check unsafe extensions list at Microsoft's Web site: http://support.microsoft.com/default.aspx?scid=kb;EN-US;262631 Regards, Bojan Zdrnja CISSP
Powered by blists - more mailing lists