Trend Scanmail 6.0 nailed it, blocking .com's and it was not fooled, stped it as early as 22:00 on the 27th.
----- Original Message ----- From: "Martin Blackstone" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Monday, January 28, 2002 8:22 AM Subject: RE: Alert: W32/Myparty-mm on the loose > Also another classic example of what a POS Mcafee is. They are saying they > will release a DAT for it on the 30th.... > > -----Original Message----- > From: Couch, Nate [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 7:21 AM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > Most of the systems I am monitoring are blocking it as a VBS script. > > Nate Couch > EDS Messaging > > -----Original Message----- > From: Kim Schotanus [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 8:36 AM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > trend has just launched pattern 212 > > -----Original Message----- > From: Alverson, Thomas M. [mailto:[EMAIL PROTECTED]] > Sent: 28 January, 2002 3:20 PM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > Somehow this one slipped past our .com filter on our linux firewall. NAV for > exchange caught it by the .COM extension, and norton had just liveupdated us > an hour earlier with the new definitions that would have caught it if it > wasn't a blocked extension. I think the syntax of the attachment code is > probably not RFC compliant. > > Tom > > -----Original Message----- > From: Chris Scharff [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 9:03 AM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > Fortunately we're all blocking *.com right? The *.com viruses are going to > take forever to combat from a social engineering standpoint. It's probably > worth investing some time in user education on .com files because I think > this is going to be a new favorite virus writing style for the next few > months. > > Chris Scharff > The Mail Resource Center > http://www.mail-resources.com > > -----Original Message----- > From: Martin Blackstone > To: Exchange Discussions > Sent: 1/28/2002 7:57 AM > Subject: FW: Alert: W32/Myparty-mm on the loose > > > > -----Original Message----- > From: Russ [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 5:45 AM > To: [EMAIL PROTECTED] > Subject: Alert: W32/Myparty-mm on the loose > > > Be aware that this morning you will likely find a copy of this new mass > mailer in your mail systems. This is a pure social engineering attack, it > contains an attachment named as a URL with a .com extension. Since .com is > also an application, it will be run as such if its double-clicked on. Check > with your AV company for updates and/or filtering criteria. If you can, be > sure you have attachment filtering enabled at your mail gateway. Outlook > Email Security Update, and Outlook 2002, both catch this attachment and > prevent it from being available for the user to click on. > > Cheers, > Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
