http://www.messagelabs.com are blocking it......
Les Bessant MCP[1] mailto:[EMAIL PROTECTED] IT Manager, Sanderson Townend & Gilbert Acting in a personal capacity http://www.tiggercam.co.uk - New, improved and with more bounce! [1] Just those pesky electives to go... >-----Original Message----- >From: Couch, Nate [mailto:[EMAIL PROTECTED]] >Sent: Monday, January 28, 2002 3:21 PM >To: Exchange Discussions >Subject: RE: Alert: W32/Myparty-mm on the loose > > >Most of the systems I am monitoring are blocking it as a VBS script. > >Nate Couch >EDS Messaging > >-----Original Message----- >From: Kim Schotanus [mailto:[EMAIL PROTECTED]] >Sent: Monday, January 28, 2002 8:36 AM >To: Exchange Discussions >Subject: RE: Alert: W32/Myparty-mm on the loose > > >trend has just launched pattern 212 > >-----Original Message----- >From: Alverson, Thomas M. [mailto:[EMAIL PROTECTED]] >Sent: 28 January, 2002 3:20 PM >To: Exchange Discussions >Subject: RE: Alert: W32/Myparty-mm on the loose > > >Somehow this one slipped past our .com filter on our linux firewall. >NAV >for exchange caught it by the .COM extension, and norton had just >liveupdated us an hour earlier with the new definitions that would have >caught it if it wasn't a blocked extension. I think the syntax of the >attachment code is probably not RFC compliant. > >Tom > >-----Original Message----- >From: Chris Scharff [mailto:[EMAIL PROTECTED]] >Sent: Monday, January 28, 2002 9:03 AM >To: Exchange Discussions >Subject: RE: Alert: W32/Myparty-mm on the loose > > >Fortunately we're all blocking *.com right? The *.com viruses are going >to >take forever to combat from a social engineering standpoint. It's >probably >worth investing some time in user education on .com files because I >think >this is going to be a new favorite virus writing style for the next few >months. > >Chris Scharff >The Mail Resource Center >http://www.mail-resources.com > >-----Original Message----- >From: Martin Blackstone >To: Exchange Discussions >Sent: 1/28/2002 7:57 AM >Subject: FW: Alert: W32/Myparty-mm on the loose > > > >-----Original Message----- >From: Russ [mailto:[EMAIL PROTECTED]] >Sent: Monday, January 28, 2002 5:45 AM >To: [EMAIL PROTECTED] >Subject: Alert: W32/Myparty-mm on the loose > > >Be aware that this morning you will likely find a copy of this new mass >mailer in your mail systems. This is a pure social engineering attack, >it >contains an attachment named as a URL with a .com extension. Since .com >is >also an application, it will be run as such if its double-clicked on. >Check >with your AV company for updates and/or filtering criteria. If you can, >be >sure you have attachment filtering enabled at your mail >gateway. Outlook >Email Security Update, and Outlook 2002, both catch this attachment and >prevent it from being available for the user to click on. > >Cheers, >Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor > > >_________________________________________________________________ >List posting FAQ: http://www.swinc.com/resource/exch_faq.htm >Archives: http://www.swynk.com/sitesearch/search.asp >To unsubscribe: mailto:[EMAIL PROTECTED] >Exchange List admin: [EMAIL PROTECTED] > >_________________________________________________________________ >List posting FAQ: http://www.swinc.com/resource/exch_faq.htm >Archives: http://www.swynk.com/sitesearch/search.asp >To unsubscribe: mailto:[EMAIL PROTECTED] >Exchange List admin: [EMAIL PROTECTED] > >_________________________________________________________________ >List posting FAQ: http://www.swinc.com/resource/exch_faq.htm >Archives: http://www.swynk.com/sitesearch/search.asp >To unsubscribe: mailto:[EMAIL PROTECTED] >Exchange List admin: [EMAIL PROTECTED] > >_________________________________________________________________ >List posting FAQ: http://www.swinc.com/resource/exch_faq.htm >Archives: http://www.swynk.com/sitesearch/search.asp >To unsubscribe: mailto:[EMAIL PROTECTED] >Exchange List admin: [EMAIL PROTECTED] > >_______________________________________________________________ >_________ >This e-mail has been scanned for all viruses by Star Internet. The >service is powered by MessageLabs. For more information on a proactive >anti-virus service working around the clock, around the globe, visit: >http://www.star.net.uk >_______________________________________________________________ >_________ > The information in this communication and any attachments is confidential and may be legally privileged. It is intended solely for the addressee. If you are not the intended recipient any use, review, dissemination, distribution or copying of this information is strictly prohibited. If you have received this communication in error please notify us immediately on 0191 261 2681 and delete the original message and any copies of it. Any opinions, conclusions or other information in this message that do not relate to the official business of Sanderson Townend & Gilbert are neither given nor endorsed by the firm. ________________________________________________________________________ This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ________________________________________________________________________ _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
