[Dshield] New version of Mimail perhaps

Deb Hale haled at pionet.net
Thu Dec 18 21:34:07 GMT 2003


I have been keeping a close eye on the net activity - so far everything
looks fine.  

Deborah F Hale
Certified Business Continuity Professional/Computer Security Specialist
BCP Enterprise, Inc
Telephone: (712) 252-0361
www.bcpenterprise.com
 


-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
Of Paul Marsh
Sent: Thursday, December 18, 2003 11:28 AM
To: General DShield Discussion List
Subject: RE: [Dshield] New version of Mimail perhaps


Deb:

	You might want to start sniffing your network to see if anything is
trying to call home.  I might be overly paranoid but all the facts point to
something very nasty.  

Thanx, Paul 

-----Original Message-----
From: Deb Hale [mailto:haled at pionet.net] 
Sent: Thursday, December 18, 2003 12:06 PM
To: 'General DShield Discussion List'
Subject: RE: [Dshield] New version of Mimail perhaps


Paul:

  >> Sounds just like MiMail.E with the readnow.zip.
	Perhaps - what puzzles me is that my NAV did not pick it up. It
should have - my def has this one included.

  >> I just want to clarify, NAV was running OK on the workstation but once
the user received the email not opening it NAV failed?  
	Yes - all was fine until the email was received - then they started
having trouble checking mail and getting to the internet.  Since a reboot
and deletion of the email all has returned to normal on all computers.
	
   >> Do you have any event log info on what happened?  
	Hmm! That is an interesting question.  Just checked the event logs
on the computers and in all cases the XP event viewer shows "The event log
service was stopped" at precisely the same time as the email was received.
Not sure if this is a coincidence.  NAV log shows nothing at all which
surprises me - because it usually shows when something has changed in the
config of the software.  

Still waiting to hear back from Symantec. Will let you know.


Deb


_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list






More information about the list mailing list