[Dshield] New Outlook virus?

Bob Savage bsavage at rnr-inc.com
Wed Oct 2 14:04:51 GMT 2002


Hadn't thought of that, and it's entirely possible.  I complained a
while back about the amount of clutter coming from "reserved" IP
numbers.  Apparently it was coming from several of their other
customers.  They segmented their network to solve the problem and all
that "internal" IP traffic ended over night.  Maybe they did some other
filtering as well.

Bob


-----Original Message-----
From: Paul Oliver [mailto:p.oliver at concentriccontrols.com]
Sent: Wednesday, October 02, 2002 8:24 AM
To: list at dshield.org
Subject: Re: [Dshield] New Outlook virus?


You may well find that your ISP filters out port 137-139 traffic, this
is
the case with our ISP so we haven't seen any incoming traffic on those
ports.

Paul.

----- Original Message -----
From: "Bob Savage" <bsavage at rnr-inc.com>
To: <list at dshield.org>
Sent: Wednesday, October 02, 2002 1:22 PM
Subject: RE: [Dshield] New Outlook virus?


> We do use Windows here, and have had absolutely no activity of the
type
> described over the last few days in the discussion of these new
> viruses/attacks.  I've checked every morning for port 137 or port 1025
-
> 1029 traffic: source or destination, in or out, udp/tcp/anything else.
> None.  Not one packet using or attempting to use those ports.
>
> There's a whole lot I don't know, but I'm puzzled over this one.
Glad,
> to be sure, but still puzzled.
>
> Bob
>
>
> -----Original Message-----
> From: John Draper [mailto:crunch at shopip.com]
> Sent: Tuesday, October 01, 2002 4:56 AM
> To: list at dshield.org
> Subject: Re: [Dshield] New Outlook virus?
>
>
> >   It appears that you receive an infected message that shows no
> >attachment when viewed in Outlook.  When opened the virus sends email
> >out to people in your address book with a subject and content taken
> >from a previously sent message.  One person reported seeing something
> >flash on their screen very quickly when it was opened.  The virus is
> >attaching itself using the name of an attachment you sent before.
> >   Up to date Mcafee and Norton virus scanners do not appear to be
> >catching it.  My Anomy Sanitizer at home caught that there was an
.scr
> >attachment with the message and defanged it.  Other people reported
> >that their virus scanner did not catch it but an email defanger did.
>
> I don't use WinBlows,  so don't see anything unusual,  unless you
count
> 30 identical mail messages with a Klez-H vitus attached!    :-)
>
> John
>
>
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
>
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
>



This e-Mail (and any attachments) should only be read by the intended
addressee(s) and not be relied upon without subsequent written
confirmation
of its contents. Concentric Controls Ltd. accepts no liability for the
consequences of any person acting on such information prior to the
receipt
of such confirmation. If you are not the intended recipient, you are not
authorised to, and must not use, disclose, copy, distribute, or retain
this
message, its attachments or any part thereof. Any views or opinions
expressed are those of the author and do not necessarily reflect the
opinions of Concentric Controls Ltd.

Concentric Controls Ltd.  www.concentriccontrols.com
Priory Road, Aston, Birmingham B6 7LH, UK
Tel: +44 (0)121 327 1662   Fax: +44 (0)121 328 2498


_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list