[Dshield] New version of Mimail perhaps

Paul Marsh pmarsh at nmefdn.org
Thu Dec 18 21:53:04 GMT 2003


Deb:

Any word from Symantec?

Thanx, Paul

-----Original Message-----
From: Deb Hale [mailto:haled at pionet.net] 
Sent: Thursday, December 18, 2003 04:34 PM
To: 'General DShield Discussion List'
Subject: RE: [Dshield] New version of Mimail perhaps


I have been keeping a close eye on the net activity - so far everything
looks fine.  

Deborah F Hale
Certified Business Continuity Professional/Computer Security Specialist
BCP Enterprise, Inc
Telephone: (712) 252-0361
www.bcpenterprise.com
 


-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On
Behalf Of Paul Marsh
Sent: Thursday, December 18, 2003 11:28 AM
To: General DShield Discussion List
Subject: RE: [Dshield] New version of Mimail perhaps


Deb:

	You might want to start sniffing your network to see if anything
is trying to call home.  I might be overly paranoid but all the facts
point to something very nasty.  

Thanx, Paul 

-----Original Message-----
From: Deb Hale [mailto:haled at pionet.net] 
Sent: Thursday, December 18, 2003 12:06 PM
To: 'General DShield Discussion List'
Subject: RE: [Dshield] New version of Mimail perhaps


Paul:

  >> Sounds just like MiMail.E with the readnow.zip.
	Perhaps - what puzzles me is that my NAV did not pick it up. It
should have - my def has this one included.

  >> I just want to clarify, NAV was running OK on the workstation but
once the user received the email not opening it NAV failed?  
	Yes - all was fine until the email was received - then they
started having trouble checking mail and getting to the internet.  Since
a reboot and deletion of the email all has returned to normal on all
computers.
	
   >> Do you have any event log info on what happened?  
	Hmm! That is an interesting question.  Just checked the event
logs on the computers and in all cases the XP event viewer shows "The
event log service was stopped" at precisely the same time as the email
was received. Not sure if this is a coincidence.  NAV log shows nothing
at all which surprises me - because it usually shows when something has
changed in the config of the software.  

Still waiting to hear back from Symantec. Will let you know.


Deb


_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
