[Dshield] door opener

John Blaney john at pcblues.co.uk
Fri Aug 24 23:52:32 GMT 2001


The zl9 extension indicates that it is the "majistr" virus.

----- Original Message -----
From: "David Sentelle" <David.Sentelle at cnbcbank.com>
To: <dshield at dshield.org>
Sent: Friday, August 24, 2001 9:51 PM
Subject: Re: [Dshield] door opener

> Speaking of ZoneAlarm and email viruses.  I recently got an email from a
spoofed email address with an attachment that had a .ZL9 attachment.  At
first I thought this was some sort of script for setting up a rule in my
ZoneAlarm which would open ports for a trojan, MS-networking, or some other
nefarious purpose.
> Regardless of the fact that it's default association was with ZoneAlarm,
it was an EXE file, as I dragged it into notepad and saw the telltale 'This
program cannot be run in DOS mode' text in the first part of the file.
> Anyone heard of anything like that?  If the odd .ZL9 extension peaks
anyone's interest I would be glad to forward it via means other than the
> Happy Weekend everyone!)
> ―- Original message ―-
> Message: 3
> From: "Samuel" <Samuel at socal.rr.com>
> To: <dshield at dshield.org>
> Subject: Re: [Dshield] door opener
> Date: Fri, 24 Aug 2001 09:36:50 -0700
> Reply-To: dshield at dshield.org
> You say that you suspect that your system was intruded through email, and
> is my understanding that ZoneAlarm will protect us from that. ZoneAlarm's
> purpose is as a firewall but it also has a feature that is effective on
> email too. There are many other software that will shield us from
> attempting to get in through email.
> ----------------------------------------
> David Sentelle
> Network Operations Specialist
> Commerce National Bank
> 614.334.6282 Voice    614.848.8830 Fax
> "I.T. happens!)"
> This e-mail and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to which they are
addressed. If you have received this e-mail in error, please notify
admin at cnbcbank.com and delete it from your system.
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:

More information about the list mailing list