[Dshield] New Outlook virus?

Paul Oliver p.oliver at concentriccontrols.com
Wed Oct 2 13:24:23 GMT 2002


You may well find that your ISP filters out port 137-139 traffic, this is
the case with our ISP so we haven't seen any incoming traffic on those
ports.

Paul.

----- Original Message -----
From: "Bob Savage" <bsavage at rnr-inc.com>
To: <list at dshield.org>
Sent: Wednesday, October 02, 2002 1:22 PM
Subject: RE: [Dshield] New Outlook virus?


> We do use Windows here, and have had absolutely no activity of the type
> described over the last few days in the discussion of these new
> viruses/attacks.  I've checked every morning for port 137 or port 1025 -
> 1029 traffic: source or destination, in or out, udp/tcp/anything else.
> None.  Not one packet using or attempting to use those ports.
>
> There's a whole lot I don't know, but I'm puzzled over this one.  Glad,
> to be sure, but still puzzled.
>
> Bob
>
>
> -----Original Message-----
> From: John Draper [mailto:crunch at shopip.com]
> Sent: Tuesday, October 01, 2002 4:56 AM
> To: list at dshield.org
> Subject: Re: [Dshield] New Outlook virus?
>
>
> >   It appears that you receive an infected message that shows no
> >attachment when viewed in Outlook.  When opened the virus sends email
> >out to people in your address book with a subject and content taken
> >from a previously sent message.  One person reported seeing something
> >flash on their screen very quickly when it was opened.  The virus is
> >attaching itself using the name of an attachment you sent before.
> >   Up to date Mcafee and Norton virus scanners do not appear to be
> >catching it.  My Anomy Sanitizer at home caught that there was an .scr
> >attachment with the message and defanged it.  Other people reported
> >that their virus scanner did not catch it but an email defanger did.
>
> I don't use WinBlows,  so don't see anything unusual,  unless you count
> 30 identical mail messages with a Klez-H vitus attached!    :-)
>
> John
>
>
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
>
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
>



This e-Mail (and any attachments) should only be read by the intended
addressee(s) and not be relied upon without subsequent written confirmation
of its contents. Concentric Controls Ltd. accepts no liability for the
consequences of any person acting on such information prior to the receipt
of such confirmation. If you are not the intended recipient, you are not
authorised to, and must not use, disclose, copy, distribute, or retain this
message, its attachments or any part thereof. Any views or opinions
expressed are those of the author and do not necessarily reflect the
opinions of Concentric Controls Ltd.

Concentric Controls Ltd.  www.concentriccontrols.com
Priory Road, Aston, Birmingham B6 7LH, UK
Tel: +44 (0)121 327 1662   Fax: +44 (0)121 328 2498





More information about the list mailing list