[unisog] New virus???
brennan at columbia.edu
Mon Aug 4 18:26:37 GMT 2003
The attachment name is Message.zip not message.zip. Filter that.
Virus called Mimail. See for example,
Joseph Brennan Columbia University in the City of New York
Academic Technologies Group brennan at columbia.edu
--On Friday, August 1, 2003 15:07 -0400 Steve Bernard <sbernard at gmu.edu>
> We are beginning to see an email-based virus spreading in our network.
> The originator seems to be from a locally compromised machine. Email is
> being generated in the name of the account "admin@" and purports that the
> user's IP has been changed. An accompanying attachment, "message.zip" is
> an HTML file with the binary file, "foo.exe", in the header portion. A
> script with function "malware()" is repeated multiple times, each calling
> "foo.exe". So far what I know is that the virus spreads itself when
> "message.zip" is read by reading at least one address in the user's
> address book. The scripting is easy to understand, but "foo.exe" is
> compiled. This virus is *not* recognized by the latest Norton AV
> signatures. Disabling HTML parsing in email clients seems to stop the
> virus from working.
> Steve Bernard
> Sr. Systems Engineer, NET
> George Mason University
> Fairfax, Virginia
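
An added example (not part of the original posts): a Python check for the attachment name discussed in this thread that compares names without regard to case, so a rule written for "message.zip" also catches "Message.zip". The sample messages, the example.edu addresses and the function names are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Name reported in the thread; stored lowercase so comparison can fold case.
BLOCKED_NAMES = {"message.zip"}


def blocked_attachments(raw_bytes, blocked=BLOCKED_NAMES, ignore_case=True):
    """Return attachment filenames in a raw message that match the blocklist."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() reads the Content-Disposition filename and falls
        # back to the Content-Type name parameter.
        name = part.get_filename()
        if name is None:
            continue
        candidate = name.strip()
        if ignore_case:
            candidate = candidate.casefold()
        if candidate in blocked:
            hits.append(name)
    return hits


def build_sample(filename):
    """Constructed message (not a captured sample) with one zip attachment."""
    msg = EmailMessage()
    msg["From"] = "admin@example.edu"
    msg["To"] = "user@example.edu"
    msg["Subject"] = "constructed sample"
    msg.set_content("body text")
    # Placeholder bytes: an empty zip end-of-central-directory record.
    msg.add_attachment(b"PK\x05\x06" + b"\x00" * 18,
                       maintype="application", subtype="zip",
                       filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for sample_name in ("message.zip", "Message.zip", "notes.zip"):
        raw = build_sample(sample_name)
        print(sample_name,
              "exact:", blocked_attachments(raw, ignore_case=False),
              "folded:", blocked_attachments(raw))
```
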