[unisog] New virus???

Joseph Brennan brennan at columbia.edu
Mon Aug 4 18:26:37 GMT 2003


The attachment name is Message.zip not message.zip.  Filter that.

Virus called Mimail.  See for example,

<http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.a@mm.html>

Joseph Brennan         Columbia University in the City of New York
Academic Technologies Group                   brennan at columbia.edu




--On Friday, August 1, 2003 15:07 -0400 Steve Bernard <sbernard at gmu.edu> wrote:

> We are beginning to see an email-based virus spreading in our network.
> The originator seems to be from a locally compromised machine. Email is
> being generated in the name of the account "admin@" and purports that the
> user's IP has been changed. An accompanying attachment, "message.zip", is
> an HTML file with the binary file, "foo.exe", in the header portion. A
> script with function "malware()" is repeated multiple times, each calling
> "foo.exe".  So far what I know is that the virus spreads itself when
> "message.zip" is read by reading at least one address in the user's
> address book. The scripting is easy to understand, but "foo.exe" is
> compiled. This virus is *not* recognized by the latest Norton AV
> signatures. Disabling HTML parsing in email clients seems to stop the
> virus from working.
>
>
> Regards,
>
> Steve Bernard
> Sr. Systems Engineer, NET
> George Mason University
> Fairfax, Virginia
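
A case-insensitive attachment-name check of the kind the reply above calls for, as an added example that is not part of the original thread. The function names, the example.edu addresses and the sample messages are constructed for illustration; checking the Content-Type `name` parameter as well as the Content-Disposition `filename` goes beyond what the thread states.

```python
import email
from email import policy

BLOCKED = {"message.zip"}  # name from the thread, stored case-folded

def declared_names(msg):
    """Yield each attachment name declared in any MIME part."""
    for part in msg.walk():
        # get_filename() reads Content-Disposition "filename" and falls
        # back to the Content-Type "name" parameter.
        name = part.get_filename()
        if name:
            yield name

def blocked_attachments(raw, blocked=BLOCKED):
    """Return declared names that match the blocklist, ignoring case."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for name in declared_names(msg):
        # Drop any path prefix, then case-fold before comparing.
        base = name.replace("\\", "/").rsplit("/", 1)[-1].strip().casefold()
        if base in blocked:
            hits.append(name)
    return hits

def sample(part_headers):
    """Constructed test message: a text body plus one attachment part."""
    return (
        "From: admin@example.edu\r\n"
        "To: user@example.edu\r\n"
        "Subject: constructed sample\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
        "--b1\r\nContent-Type: text/plain\r\n\r\nbody\r\n"
        "--b1\r\n" + part_headers +
        "Content-Transfer-Encoding: base64\r\n\r\n"
        "Y29uc3RydWN0ZWQ=\r\n"  # placeholder payload, not a real archive
        "--b1--\r\n"
    ).encode("ascii")

if __name__ == "__main__":
    disp = ('Content-Type: application/zip\r\n'
            'Content-Disposition: attachment; filename="Message.zip"\r\n')
    ctype = 'Content-Type: application/zip; name="MESSAGE.ZIP"\r\n'
    for label, hdrs in (("disposition", disp), ("content-type", ctype)):
        print(label, blocked_attachments(sample(hdrs)))
```

A filter that compares the raw string against "message.zip" passes "Message.zip" untouched, which is the mismatch the reply points out.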



