I just received an email purporting to be from Symantec that contained an anti-virus signature update. The message originated in the Netherlands. The attachment has been submitted to Symantec and FortiNet for review; however, I thought the community might want a heads up since I do not know the degree to which this has been distributed. The full content of the message I received is below:
X-Persona: <CIS>
Return-Path: <[EMAIL PROTECTED]>
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from node0938.a2000.nl (node0938.a2000.nl [62.108.9.56])
    by mailserver.cis.fed.gov (Postfix) with SMTP id 22868FD52
    for <[EMAIL PROTECTED]>; Tue, 7 Oct 2003 06:22:19 -0400 (EDT)
Message-ID: <[EMAIL PROTECTED]>
Date: Tue, 7 Oct 2003 03:26:29 -0700
From: <[EMAIL PROTECTED]>
Subject: Last Update.
To: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------9D16FAF1684605E"
X-UIDL: G]m!!l"d"!b\E"!\]5"!

October 06, 2003 Intruder Alert 4.1 W32_Webb_Worm Policy This policy detects the propagation of the W32.SobigF.Worm through changes in the registry.
[EMAIL PROTECTED] is a mass-mailing, network-aware worm that sends itself to all the email addresses it finds in various files. The worm uses its own SMTP engine to propagate and attempts to create a copy of itself on accessible network shares, but fails due to bugs in the code.
In attachment you can find program that update your Norton Antivirus to Norton Antivirus 2004.
[nav32.zip]
Scanned by evaliation version of Dr.Web antivirus Daemon http://drweb.ru/unix/
