> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Larry Hand > Sent: Saturday, 15 November 2003 8:38 a.m. > To: [EMAIL PROTECTED] > Subject: Re: [Full-Disclosure] Fwd: YOUR PAYPAL.COM ACCOUNT EXPIRES > > On Thursday 13 November 2003 04:43 pm, Larry Hand wrote: > > Anyone else seeing this? It comes with an attachment Paypal.asp.scr. > > Anyone know what it is? It sure looks suspicious. > > And a bunch of people answered! Thanks to you all. > > Thanks for the links. I expect it's that MiMail trojan. It's rare that a > virus gets through the filters here. Apparently it's a new variant which > slipped in before the newest AV signature updates were installed. Since NAI > didn't find out about it until today, I guess that's reasonable :-)
That is why you should implement content blocking at your e-mail server. There is absolutely no reason to allow .scr files to go around. If you had this blocked, it would stop MiMail-I without AV updates. Also, note that this attachment has double extension, which should also be automatically blocked. You can check unsafe extensions list at Microsoft's Web site: http://support.microsoft.com/default.aspx?scid=kb;EN-US;262631 Regards, Bojan Zdrnja CISSP _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
