Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> FW: Bangor Hydro Electric Co. found HTML/MimeExploit.IFRAME (CA(I nocu

FW: Bangor Hydro Electric Co. found HTML/MimeExploit.IFRAME (CA(I nocu

From: Boivin, Patrice J <BoivinP_at_mar.dfo-mpo.gc.ca>
Date: Tue, 23 Apr 2002 06:28:47 -0800
Message-ID: <F001.0044C7ED.20020423062847@fatcity.com> 





More info on the virus I mentioned last Thursday.



Since then we received a message from our Exchange people that the network
is under a heavier workload now...



Regards,


Patrice Boivin


Systems Analyst (Oracle Certified DBA)


Systems Admin & Operations | Admin. et Exploit. des systèmes
Technology Services        | Services technologiques
Informatics Branch         | Direction de l'informatique 
Maritimes Region, DFO      | Région des Maritimes, MPO





E-Mail: boivinp_at_mar.dfo-mpo.gc.ca <mailto:boivinp_at_mar.dfo-mpo.gc.ca> 




 -----Original Message-----



Hi,



The following warning messages were posted to the 'true64-unix-managers'
listserv.


Similiar ones from ANTIGEN were also there.
Anf so are the subjects of their discussion, the emails from PRoetman and
Borowski.....


they're sitting in my mailbox, unopened. Guess if it is a virus, Macafee
didn't pick it up.


Would anyone like to examine them, preferably off my PC ?



        From: virusalerts_at_bhe.com <mailto:virusalerts_at_bhe.com>
[mailto:virusalerts_at_bhe.com] <mailto:[mailto:virusalerts_at_bhe.com]> 

	Sent: Thursday, April 18, 2002 8:32 PM
	To: tru64-unix-managers_at_ornl.gov


<mailto:tru64-unix-managers_at_ornl.gov> 

	Subject: Bangor Hydro Electric Co. found HTML/MimeExploit.IFRAME
	(CA(Inocu lateIT),CA(Vet)) virus
	Bangor Hydro Electric Co. Unknown infected with
HTML/MimeExploit.IFRAME
	(CA(InoculateIT),CA(Vet)) virus.
	The file is currently Removed.  The message, "Honey", was
	sent from PRoetman  .
	Please email virus_at_bhe.com <mailto:virus_at_bhe.com>  with any


questions. Thanks.



        From: virusalerts_at_bhe.com <mailto:virusalerts_at_bhe.com>
[mailto:virusalerts_at_bhe.com] <mailto:[mailto:virusalerts_at_bhe.com]> 

	Sent: Thursday, April 18, 2002 5:27 PM
	To: tru64-unix-managers_at_ornl.gov


<mailto:tru64-unix-managers_at_ornl.gov> 

	Subject: Bangor Hydro Electric Co. found =*.ex* file
	Bangor Hydro Electric Co removed ChangePassword.exp  since it could 
	potentially be dangerous to our computer systems.
	The file is currently Removed.  The message, "SUMMARY: Changing
Passwords", 
	sent from Ralf Borowski  
	Please email virus_at_bhe.com <mailto:virus_at_bhe.com>  with any


questions. Thanks.



Actually, there's been several such warning messages on the list this
morning, in addition to the one yesterday:
(I rarely see this stuff) :



        From: ANTIGEN_AMEXCO-01


[mailto:ANTIGEN_AMEXCO-01_at_AmericanExcelsior.com]


<mailto:[mailto:ANTIGEN_AMEXCO-01_at_AmericanExcelsior.com]> 


	Sent: Thursday, April 18, 2002 8:23 PM
	To: 'tru64-unix-managers_at_ornl.gov'
	Subject: Antigen Notification:Antigen found VIRUS=
	HTML/MimeExploit.IFRAME (CA(InoculateIT),CA(Vet)) virus
	Antigen for Exchange found Unknown infected with VIRUS=
	HTML/MimeExploit.IFRAME (CA(InoculateIT),CA(Vet)) virus.
	The file is currently Removed.  The message, "Honey", was
	sent from PRoetman  and was discovered in IMC Queues\Inbound
	located at American Excelsior Company/AMEXCO/AMEXCO-01.


	From: Antigen_at_tplmalsmtp.turkcell.com.tr


<mailto:Antigen_at_tplmalsmtp.turkcell.com.tr> 

	[mailto:Antigen_at_tplmalsmtp.turkcell.com.tr]


<mailto:[mailto:Antigen_at_tplmalsmtp.turkcell.com.tr]> 

	Sent: Thursday, April 18, 2002 5:34 PM
	To: tru64-unix-managers_at_ornl.gov


<mailto:tru64-unix-managers_at_ornl.gov> 

	Subject: Antigen Notification:Antigen found VIRUS=
	HTML\MimeExploit.IFRAME (CA(InoculateIT),CA(Vet)) virus
	Antigen for Exchange found Unknown infected with VIRUS=
HTML\MimeExploit.IFRAME (CA(InoculateIT),CA(Vet)) virus.
	The file is currently Removed.  The message, "Cellpadding", was
	sent from RemyR  and was discovered in SMTP Messages\Inbound
	located at TURKCELL/TMO/TCEXH3401.

	From: ANTIGEN_AMEXCO-01




[mailto:ANTIGEN_AMEXCO-01_at_AmericanExcelsior.com]


<mailto:[mailto:ANTIGEN_AMEXCO-01_at_AmericanExcelsior.com]> 


	Sent: Thursday, April 18, 2002 4:59 PM
	To: 'tru64-unix-managers_at_ornl.gov'
	Subject: Antigen Notification:Antigen found VIRUS=
	HTML/MimeExploit.IFRAME (CA(InoculateIT),CA(Vet)) virus
	Antigen for Exchange found Unknown infected with VIRUS=
	HTML/MimeExploit.IFRAME (CA(InoculateIT),CA(Vet)) virus.
	The file is currently Removed.  The message, "Spice girls' vocal
concert",
	was
	sent from dorward_pk  and was discovered in IMC Queues\Inbound
	located at American Excelsior Company/AMEXCO/AMEXCO-01.

	



-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Boivin, Patrice J
  INET: BoivinP_at_mar.dfo-mpo.gc.ca

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).


Received on Tue Apr 23 2002 - 09:28:47 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US