[Dshield] Fwd: Newest Network Upgrade

John Sage jsage at finchhaven.com
Thu Sep 25 15:41:59 GMT 2003


Gearry:

On Thu, Sep 25, 2003 at 08:36:19AM -0400, Gearry Judkins wrote:
> Attached is parts of a  message I got this morning that looks like a hoax.
>  I thought list members might be interested.  I may deconstruct it later
> this morning but I have server issues this morning to address.  Sorry for
> the strange handeling of the content, but the mail server I am on mangles
> stuff like this.  It is a pain except for the fact that it protects us
> from many of the problems that others have.

I'm sorry to put it to you this way, but email of this sort is *very*
old news.

One might well ask where you've been for, say, the last week.

See:

http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html

"W32.Swen.A at mm
Category3
Discovered on: September 18, 2003
Last Updated on: September 24, 2003 10:58:29 AM"



Without looking too hard, here's an early one I received, 09/19...

TO: "User" <user at updates.com>
SUBJECT: Internet Pack
Date: Fri, 19 Sep 2003 09:05:34 -0400

[-- Attachment #1 --]
[-- Type: multipart/related, Encoding: 7bit, Size: 12K --]

[-- Attachment #1 --]
[-- Type: multipart/alternative, Encoding: 7bit, Size: 6.8K --]

Microsoft User

this is the latest version of security update, the
"September 2003, Cumulative Patch" update which fixes
/* snip */


So you've just noticed this.

umm.. Seen any unusual traffic eminating from your user-space
machines over the last week?


- John
-- 
"Warning: time of day goes back, taking countermeasures."
John Sage
InfoSec Groupie
-
ABCD, EFGH, IJKL, EmEnOh, Pplus+, Mminus-
-
ATTENTION: this message is privileged communication. If you read it
even though you aren't supposed to, you're a poopy-head.




More information about the list mailing list