Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: finding pasword emails. Virus ???

Re: finding pasword emails. Virus ???

From: Danisment Gazi Unal (ubTools) <dunal_at_ubTools.com>
Date: Fri, 19 Jul 2002 12:34:43 -0800
Message-ID: <F001.0049D0A0.20020719123443@fatcity.com>


Thanks a lot for all emails...

Ron Rogers wrote:

> from an earlier email notification...IT IS A VIRUS
> ====
> >>> ian_at_SLAC.Stanford.EDU 07/15/02 05:49PM >>>
> It's a new one not KLEZ ...
> -----BEGIN PGP SIGNED MESSAGE-----
>
> A number of people have received email from contacts at other sites
> with the subject line "Your Password!"
>
> This is a new email-based worm that hit many European High Energy
> Physics sites earlier today and is now affecting sites in the US.
> The anti-virus companies have updates available soon, but in the
> meantime the SLAC email gateway has stripped on the order of 600
> infected email attachments destined to SLAC users. At this time, we
> have no reports of infection within SLAC and we should remain safe
> even from those who infect their own machines by reading email from
> non-SLAC sources (home insititutions, Yahoo, Hotmail, etc.) and then
> executing the "Decrypt-password.exe" file.
>
> Here is a quote from the CIAC "Heads-Up" on this latest worm ...
>
> There are reports this morning of DOE sites being hit
> by the W32/Frethem.K_at_mm worm. The worm uses its own
> SMTP engine to send itself to email addresses that it
> finds in the Microsoft Windows Address Book and in .dbx,
> .wab, .mbx, .eml, and .mdb files. The email message
> arrives with the following characteristics:
>
> Subject: Re: Your Password!
> Attachments: Decrypt-password.exe and Password.txt
> Size of attachment: 48,640 bytes
>
> The affected systems are Windows 95, Windows 98,
> Windows NT, Windows 2000, Windows XP, and Windows ME.
>
> The worm exploits the "Incorrect MIME Header Can Cause
> IE to Execute E-mail Attachment" vulnerability (CIAC
> Bulletin L-066) in Microsoft Internet Explorer
> (version 5.01 or 5.5 without SP2).
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 7.0.4
>
> iQCVAwUBPTMKjF1NwfDT0XdRAQGAMQP/YXjQ8xz4XnRk02OYyrGKzDSQEaIOBm/Y
> H19u0QJ9t68UH8bpOf3uGtZFNV4koieizW2d39/Eiyl/HKzuPa7tkjR+QE/CFvjX
> RMg2XkYwbL1fuNyVDqjbPP400G/rYPAHnOjWEtUtXjPKrZnKT+IbPJUTQHjPGkJR
> jEa9o/Sejws=
> =vrs9
> -----END PGP SIGNATURE-----
>
> =======
> ROR mm
> >>> Beth.Seefelt_at_TetleyUSA.com 07/18/02 05:36PM >>>
>
> I have gotten one also. It appears to be some type of attempted
> virus.
> Its an html message that attempts to execute an attachment as an
> application. The attachment is called password.txt, I assume to fool
> the email filters. As far as I can tell, it didn't work on my
> machine,
> and I did a search through Symantec's web site for the signature, but
> didn't find one. If anyone knows what to look for to tell if the
> virus
> did anthing, I'd appreciate the info.
>
> Beth
>
> -----Original Message-----
> Sent: Thursday, July 18, 2002 5:14 PM
> To: Multiple recipients of list ORACLE-L
>
> Hello list,
>
> I'm getting many "finding pasword" emails from non-registered users.
> have you got this type of email ? is it a spam or virus ?
>
> regards...
>
> --
> Danisment Gazi Unal
> http://www.ubTools.com
>
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.com
> --
> Author: Danisment Gazi Unal (ubTools)
> INET: dunal_at_ubTools.com
>
> Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
> San Diego, California -- Public Internet access / Mailing Lists
> --------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.com
> --
> Author: Seefelt, Beth
> INET: Beth.Seefelt_at_TetleyUSA.com
>
> Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
> San Diego, California -- Public Internet access / Mailing Lists
> --------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to:
> ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.com
> --
> Author: Ron Rogers
> INET: RROGERS_at_galottery.org
>
> Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
> San Diego, California -- Public Internet access / Mailing Lists
> --------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).

--
Danisment Gazi Unal
http://www.ubTools.com


-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Danisment Gazi Unal (ubTools)
  INET: dunal_at_ubTools.com

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Fri Jul 19 2002 - 15:34:43 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US