[Dshield] New version of Mimail perhaps
pmarsh at nmefdn.org
Thu Dec 18 17:28:28 GMT 2003
You might want to start sniffing your network to see if anything
is trying to call home. I might be overly paranoid but all the facts
point to something very nasty.
From: Deb Hale [mailto:haled at pionet.net]
Sent: Thursday, December 18, 2003 12:06 PM
To: 'General DShield Discussion List'
Subject: RE: [Dshield] New version of Mimail perhaps
>> Sounds just like MiMail.E with the readnow.zip.
Perhaps - what puzzles me is that my NAV did not pick it up. It
should have - my def has this one included.
>> I just want to clarify, NAV was running OK on the workstation but
once the user received the email not opening it NAV failed?
Yes - all was fine until the email was received - then they
started having trouble checking mail and getting to the internet. Since
a reboot and deletion of the email all has returned to normal on all
>> Do you have any event log info on what happened?
Hmm! That is an interesting question. Just checked the event
logs on the computers and in all cases the XP event viewer shows "The
event log service was stopped" at precisely the same time as the email
was received. Not sure if this is a coincidence. NAV log shows nothing
at all which surprises me - because it usually shows when something has
changed in the config of the software.
Still waiting to hear back from Symantec. Will let you know.
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
More information about the list