[Dshield] fake dshield e-mail with virus

Johannes B. Ullrich jullrich at sans.org
Mon Aug 18 02:19:47 GMT 2003


I got a couple reports over the last two days that
indicate that some virus is using a 'DShield' address
as 'From' address. This doesn't look like its caused
by over reacting virus scanners, as the subject lines
don't look right (e.g.: Open immediatly...). 

Just as a reminder: We will not send attachments to this
list, or to individuals without prior anouncement. If 
I do, it may actually be a virus sample someone asked
for ;-). 

A 'From' address is easily spoofed and should not be
trusted. I sign most outbound email (other than email
to the list. But as you may see by some posts I am
working on a solution).

Anyway. Install virus scanners and don't trust
attachments.


-- 
SANS - Internet Storm Center
http://isc.sans.org
PGP Key: http://isc.sans.org/jullrich.txt




More information about the list mailing list