More info on the virus I mentioned last Thursday.

Since then we received a message from our Exchange people that the network
is under a heavier workload now...

Regards,
Patrice Boivin
Systems Analyst (Oracle Certified DBA)

Systems Admin & Operations | Admin. et Exploit. des systèmes
Technology Services        | Services technologiques
Informatics Branch         | Direction de l'informatique
Maritimes Region, DFO      | Région des Maritimes, MPO

E-Mail: [EMAIL PROTECTED]


 -----Original Message-----

Hi,

The following warning messages were posted to the 'true64-unix-managers'
listserv.
Similar ones from ANTIGEN were also there.
And so are the subjects of their discussion, the emails from PRoetman and
Borowski.....
they're sitting in my mailbox, unopened. Guess if it is a virus, McAfee
didn't pick it up.
Would anyone like to examine them, preferably off my PC?

        From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
        Sent: Thursday, April 18, 2002 8:32 PM
        To: [EMAIL PROTECTED]
        Subject: Bangor Hydro Electric Co. found HTML/MimeExploit.IFRAME
        (CA(InoculateIT),CA(Vet)) virus
        Bangor Hydro Electric Co. Unknown infected with HTML/MimeExploit.IFRAME
        (CA(InoculateIT),CA(Vet)) virus.
        The file is currently Removed.  The message, "Honey", was
        sent from PRoetman  .
        Please email [EMAIL PROTECTED] with any questions. Thanks.

        From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
        Sent: Thursday, April 18, 2002 5:27 PM
        To: [EMAIL PROTECTED]
        Subject: Bangor Hydro Electric Co. found =*.ex* file
        Bangor Hydro Electric Co removed ChangePassword.exp  since it could
        potentially be dangerous to our computer systems.
        The file is currently Removed.  The message, "SUMMARY: Changing Passwords",
        sent from Ralf Borowski
        Please email [EMAIL PROTECTED] with any questions. Thanks.

Actually, there have been several such warning messages on the list this
morning, in addition to the one yesterday
(I rarely see this stuff):

        From: ANTIGEN_AMEXCO-01 [mailto:[EMAIL PROTECTED]]
        Sent: Thursday, April 18, 2002 8:23 PM
        To: '[EMAIL PROTECTED]'
        Subject: Antigen Notification:Antigen found VIRUS=
        HTML/MimeExploit.IFRAME (CA(InoculateIT),CA(Vet)) virus
        Antigen for Exchange found Unknown infected with VIRUS=
        HTML/MimeExploit.IFRAME (CA(InoculateIT),CA(Vet)) virus.
        The file is currently Removed.  The message, "Honey", was
        sent from PRoetman  and was discovered in IMC Queues\Inbound
        located at American Excelsior Company/AMEXCO/AMEXCO-01.


        From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
        Sent: Thursday, April 18, 2002 5:34 PM
        To: [EMAIL PROTECTED]
        Subject: Antigen Notification:Antigen found VIRUS=
        HTML\MimeExploit.IFRAME (CA(InoculateIT),CA(Vet)) virus
        Antigen for Exchange found Unknown infected with VIRUS=
        HTML\MimeExploit.IFRAME (CA(InoculateIT),CA(Vet)) virus.
        The file is currently Removed.  The message, "Cellpadding", was
        sent from RemyR  and was discovered in SMTP Messages\Inbound
        located at TURKCELL/TMO/TCEXH3401.

        From: ANTIGEN_AMEXCO-01 [mailto:[EMAIL PROTECTED]]
        Sent: Thursday, April 18, 2002 4:59 PM
        To: '[EMAIL PROTECTED]'
        Subject: Antigen Notification:Antigen found VIRUS=
        HTML/MimeExploit.IFRAME (CA(InoculateIT),CA(Vet)) virus
        Antigen for Exchange found Unknown infected with VIRUS=
        HTML/MimeExploit.IFRAME (CA(InoculateIT),CA(Vet)) virus.
        The file is currently Removed.  The message, "Spice girls' vocal concert",
        was sent from dorward_pk  and was discovered in IMC Queues\Inbound
        located at American Excelsior Company/AMEXCO/AMEXCO-01.

        
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Boivin, Patrice J
  INET: [EMAIL PROTECTED]
