Mark and all on Aus-Soaring (and also those of SCGC-Members who are cc-ed)
It seems that our Club treasurer's work computer has contracted a variant of the Exploit-MIME.gen family of virii McAfee says (at http://vil.nai.com/vil/content/v_99273.htm) ... This generic detection covers email message files which exploit the Microsoft Incorrect MIME Header vulnerability. This vulnerability allows attached executable files to be run when a message is simply viewed. Several common viruses make use of this exploit, including W32/Badtrans@MM, W32/Nimda.gen@MM, and W32/Klez.gen@MM. For more information on this exploit and a patch, visit http://www.microsoft.com/technet/security/bulletin/MS01-020.asp As this is a generic detection which may cover many different trojans and viruses, it is not possible to specify any further details or symptoms of this threat. ... please note that the patch MS01-020 has actually been superceded by patch MS01-027. So you should visit http://www.microsoft.com/technet/security/bulletin/MS01-027.asp instead. Better still, use a decent e-mail client like Qualcomm's Eudora, which is free and I believe has remained virus exploit resistant in it's 7+ years in opreation. Outlook and Outlook Express rely on Internet Explorer which, as we all know after years of watching the long and every growing list of exploits used by hackers, contains so many holes it couldn't hold water if it tried. I have advised our treasurer to disconnect his e-mail to prevent further spreading and we're working on a solution as we speak. Regards Jason Armistead Southen Cross Gliding Club Inc > I received an email virus earlier today in an attachment called > "Gliding Account Expenses 01 & 02.xls.scr" which was forwarded > through an SMTP server belonging to pacific.net.sg (Pacific Internet > in Singapore). > > The fact that the attachment was called "Gliding Account Expenses > 01 & 02.xls.scr" suggests that it's someone involved with a gliding > club (The fact that it's "01 & 02" suggests they've been involved > for at least a couple of years). Of course, since it's an email > virus which hides the sender's identity I have no further clues about > who it is. > > So if you have a Pacific Internet (Singapore) email account, you > should probably be thinking about running some anti-virus software > right about now... > > - mark > [ not vulnerable to any email viruses :-) ] > > -------------------------------------------------------------------- > I tried an internal modem, [EMAIL PROTECTED] > but it hurt when I walked. Mark Newton > ----- Voice: +61-4-1620-2223 ------------- Fax: +61-8-82231777 ----- > > -- > * You are subscribed to the aus-soaring mailing list. > * To Unsubscribe: send email to [EMAIL PROTECTED] > * with "unsubscribe aus-soaring" in the body of the message > * or with "help" in the body of the message for more information. -- * You are subscribed to the aus-soaring mailing list. * To Unsubscribe: send email to [EMAIL PROTECTED] * with "unsubscribe aus-soaring" in the body of the message * or with "help" in the body of the message for more information.
