Does it matter? I was fairly busy between the readme.txt and the W32.Nimda
to not worry about the specifics. If it came from SANS, that's where it came
from. I'm sorry if that offends you but what can I do? Actually, since I got
it off this list, why don't you analyze it and tell us what you find.

Greg


-----Original Message-----
From: Dean Cunningham [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, September 19, 2001 10:01 PM
To: NT System Admin Issues
Subject: RE: Well, this is reassuring...


So you actually looked at the smtp source and saw that it actually had the
attachment in the email and not just a fragment?

-----Original Message-----
From: Greg Page [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 20 September 2001 1:55 p.m.
To: NT System Admin Issues
Subject: RE: Well, this is reassuring...


It's not a rumor, it's what happened. That this e-mail got to one of their
people and propagated is disturbing. Antigen caught it at my GW and didn't
send it anywhere. What's their excuse?

Greg


-----Original Message-----
From: Dean Cunningham [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, September 19, 2001 9:19 PM
To: NT System Admin Issues
Subject: RE: Well, this is reassuring...


Careful before spreading such a rumor, the detectors may well be
oversensitive at this point. McAfee did the same to me *because* a guy had
posted to the mailing list an email containing a portion of the
javascript. I would suggest considering the source of the messaging being
blocked, that it is likely the message was benign and they too had a
portion of code in it that set the alarm bells off.
 
regards
Dean

-----Original Message-----
From: Greg Page [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 20 September 2001 12:49 p.m.
To: NT System Admin Issues
Subject: Well, this is reassuring...



Antigen for Exchange found readme.exe infected with JScript/Nimda.A.Worm
(CA(InoculateIT)) worm. The message is currently Purged.  The message, "SANS
NewsBites Vol. 3 Num. 38", was sent from The SANS Institute  and was
discovered in IMC Queues\Inbound located at ORGANIZATION/SITE-1/ALEXAPP001.



Greg 

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


***************************************************
This e-mail is  not an  official  statement of  the
Waikato  Regional  Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***************************************************
