Gosh, I thought this was old news - I was receiving this email *all* last week. The thing to be aware of is that if you have not updated your version of IE (assuming you are using IE) and assuming you are using Outlook - this virus can be launched just by viewing the email in the preview pane!
Kola >> -----Original Message----- >> From: Doug White [mailto:[EMAIL PROTECTED] >> Sent: 22 September 2003 15:05 >> To: CF-Talk >> Subject: Re: [ OT] Special security Alert! >> >> This is a question for those that have already become familiar with these >> worm >> e-mails. >> >> Is it possible that the propagation is via totally spoofed IP numbers? I >> did >> not think this would be possible. >> >> The end result is that my mail server is receiving around 100 of these >> per hour, >> from three general geographic areas, but never the same IP number. (it, >> de and >> au) The destination is to a single address in one of the domains I >> serve as a >> gateway for. So far Amavis+AntiVir has been catching them and generates >> a lot >> of email to the postmaster account. I wanted to try to see if I could >> create >> some rules in the Linux Firewall to drop these connections, but am a bit >> overwhelmed by the sheer quantity. >> >> I did note that some of the infected email have made it past the virus >> scanner, >> however the attachment on those is only either a zero-byte or a 2 byte >> size, >> These are not a problem as the fragmented attachment is of no danger. >> >> I have advised all clients to disable the instant view as well as to >> disable >> iframe execution in their mail client, which seems to be preventing the >> ones >> that are crafted as a bounce, but contain an iframe command to infect the >> unwary >> user. >> >> >> >> ====================================== >> Stop spam on your domain, use our gateway! >> For hosting solutions http://www.clickdoug.com >> Featuring Win2003 Enterprise, RedHat Linux, CFMX 6.1 and all databases. >> ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772 >> Suggested corporate Anti-virus policy: >> http://www.dshield.org/antivirus.pdf >> ====================================== >> If you are not satisfied with my service, my job isn't done! >> >> ----- Original Message ----- >> From: "Claude Schneegans" <[EMAIL PROTECTED]> >> To: "CF-Talk" <[EMAIL PROTECTED]> >> Sent: Monday, September 22, 2003 8:53 AM >> Subject: Re: [ OT] Special security Alert! >> >> >> | >>There is a new virus threat introduced to the internet yesterday, >> which >> | Symantec identifies as the [EMAIL PROTECTED] worm. >> | >> | This is unbelievable: since last friday I'm receiving about half/dozen >> copies >> of it every hour! >> | Suscribing to a list like this makes your email address present in >> thousands >> of computers. >> | If the virus is able to find addresses in mail inbox, it might explain >> I >> receive so many of them. >> | >> | Are you some of you also receiving so many message about a so called >> microsoft >> update >> | or a message delivery failure ? >> | >> | >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm?link=i:4:137922 Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm
