http://vil.nai.com/vil/content/v_99332.htm at the bottom under Removal Instructions.
Ken Powell Systems Administrator Clark County Office of Budget and Information Services (OBIS) Vancouver, Washington [EMAIL PROTECTED] Voice: (360) 397-6121 x4658 Fax: (360) 759-6001 -----Original Message----- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 8:20 AM To: Powell, Ken Subject: RE: Alert: W32/Myparty-mm on the loose Where is it? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 8:16 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Close, but not quite. "POS McAfee" has had a signature via an EXTRA.DAT for it since Sunday night. What they are saying is that it will not be incorporated into the normal DAT signature (which comes out on Wednesdays) until it has been fully tested. Regardless of whether they have it incorporated or not, we are not letting executables such as .exe, com, bat, etc. are we? First do no harm. :) Ken Powell Systems Administrator Clark County Office of Budget and Information Services (OBIS) Vancouver, Washington [EMAIL PROTECTED] Voice: (360) 397-6121 x4658 Fax: (360) 759-6001 -----Original Message----- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 7:25 AM To: Powell, Ken Subject: RE: Alert: W32/Myparty-mm on the loose Also another classic example of what a POS Mcafee is. They are saying they will release a DAT for it on the 30th.... -----Original Message----- From: Couch, Nate [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 7:21 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Most of the systems I am monitoring are blocking it as a VBS script. Nate Couch EDS Messaging -----Original Message----- From: Kim Schotanus [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 8:36 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose trend has just launched pattern 212 -----Original Message----- From: Alverson, Thomas M. [mailto:[EMAIL PROTECTED]] Sent: 28 January, 2002 3:20 PM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Somehow this one slipped past our .com filter on our linux firewall. NAV for exchange caught it by the .COM extension, and norton had just liveupdated us an hour earlier with the new definitions that would have caught it if it wasn't a blocked extension. I think the syntax of the attachment code is probably not RFC compliant. Tom -----Original Message----- From: Chris Scharff [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 9:03 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Fortunately we're all blocking *.com right? The *.com viruses are going to take forever to combat from a social engineering standpoint. It's probably worth investing some time in user education on .com files because I think this is going to be a new favorite virus writing style for the next few months. Chris Scharff The Mail Resource Center http://www.mail-resources.com -----Original Message----- From: Martin Blackstone To: Exchange Discussions Sent: 1/28/2002 7:57 AM Subject: FW: Alert: W32/Myparty-mm on the loose -----Original Message----- From: Russ [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 5:45 AM To: [EMAIL PROTECTED] Subject: Alert: W32/Myparty-mm on the loose Be aware that this morning you will likely find a copy of this new mass mailer in your mail systems. This is a pure social engineering attack, it contains an attachment named as a URL with a .com extension. Since .com is also an application, it will be run as such if its double-clicked on. Check with your AV company for updates and/or filtering criteria. If you can, be sure you have attachment filtering enabled at your mail gateway. Outlook Email Security Update, and Outlook 2002, both catch this attachment and prevent it from being available for the user to click on. Cheers, Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
