[TriLUG] [OT] Sys admin heads up

Chris Knowles chrisk at trilug.org
Tue Mar 11 14:53:36 EST 2003


Huh, and here I always thought the MS patches *were* worms.

CJK

On Tue, 2003-03-11 at 14:43, Jim Ray wrote:
> shoot.  now i've really screwed up.  i thought i had installed a patch from microsoft for my linux machine when it was really a worm!
> 
> 	-----Original Message----- 
> 	From: Mike M [mailto:linux-support at earthlink.net] 
> 	Sent: Tue 3/11/2003 2:43 PM 
> 	To: trilug at trilug.org 
> 	Cc: 
> 	Subject: Re: [TriLUG] [OT] Sys admin heads up
> 	
> 	
> 
> 	And then this came in...
> 	
> 	To everyone who got this mail... I need not say it, but NEVER run any
> 	executables mailed to you... this one contains an unknown virus...
> 	
> 	/tmp/q113407.exe
> 	        Found virus or variant New Worm !!!
> 	        Please send a copy of the file to Network Associates
> 	        The file has been renamed.
> 	
> 	
> 	And to the person sending this... I will file an abuse report with your
> 	provider... And you're not to smart to put everyone in the CC list, so I
> 	can send the same list of people a warning :)
> 	
> 	Idiot...
> 	
> 	--
> 	Mark Janssen -- maniac(at)maniac.nl -- GnuPG Key Id: 357D2178
> 	Unix / Linux, Open-Source and Internet Consultant @ SyConOS IT
> 	Maniac.nl Unix-God.Net|Org MarkJanssen.org|nl SyConOS.com|nl
> 	
> 	On Tuesday 11 March 2003 14:17, David A. Cafaro wrote:
> 	> Looks like a variant of this:
> 	>
> 	> http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe.b@mm.html
> 	>
> 	> But that attached file is a new name variant.
> 	>
> 	> On Tue, 2003-03-11 at 14:07, Mike M wrote:
> 	> > I just got an email with a subject:
> 	> > Check out these patch from M$ Corporation
> 	> >
> 	> > It only had an attached file called:
> 	> > q113407.exe
> 	> >
> 	> > Nothing Googles on the subject or the filename.
> 	> >
> 	> > Here are the headers:
> 	> > Status: R
> 	> > Return-Path: <robert.wotherspoon at sympatico.ca>
> 	> > Received: from tomts9-srv.bellnexxia.net ([209.226.175.53])
> 	> >         by merlin (EarthLink SMTP Server) with SMTP id 18SOyA2gf3NZFlq0
> 	> >         Tue, 11 Mar 2003 10:32:55 -0800 (PST)
> 	> > Received: from workstation5 ([64.231.209.78]) by
> 	> > tomts12-srv.bellnexxia.net (InterMail vM.5.01.04.19
> 	> > 201-253-122-122-119-20020516) with ESMTP id
> 	> > <20030311180052.XRSU11647.tomts12-srv.bellnexxia.net at workstation5>;
> 	> >           Tue, 11 Mar 2003 13:00:52 -0500
> 	> > From: "WOTHERSPOON" <robert.wotherspoon at sympatico.ca>
> 	> > To:
> 	> > -A LONG LIST OF EMAIL ADDRESSES HERE-
> 	> > Subject: Check out these patch from M$ Corporation.
> 	> > Date: Tue, 11 Mar 2003 13:08:24 -0500
> 	> > Message-ID: <045e01c2e7f9$351a8a80$6a01a8c0 at bellnet.ca>
> 	> > MIME-Version: 1.0
> 	> > Content-Type: application/x-msdownload;
> 	> >   name="q113407.exe"
> 	> > Content-Transfer-Encoding: base64
> 	> > Content-Disposition: attachment;
> 	> >         filename="q113407.exe"
> 	> > X-Priority: 3 (Normal)
> 	> > X-MSMail-Priority: Normal
> 	> > X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
> 	> > Importance: Normal
> 	> > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
> 	> > X-Status: N
> 	> > --
> 	> > Mike M.
> 	> > _______________________________________________
> 	> > TriLUG mailing list
> 	> >     http://www.trilug.org/mailman/listinfo/trilug
> 	> > TriLUG Organizational FAQ:
> 	> >     http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
> 	>
> 	> _______________________________________________
> 	> TriLUG mailing list
> 	>     http://www.trilug.org/mailman/listinfo/trilug
> 	> TriLUG Organizational FAQ:
> 	>     http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
> 	
> 	--
> 	Mike M.
> 	_______________________________________________
> 	TriLUG mailing list
> 	    http://www.trilug.org/mailman/listinfo/trilug
> 	TriLUG Organizational FAQ:
> 	    http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
> 	
> 	
-- 
Chris Knowles <chrisk at trilug.org>



More information about the TriLUG mailing list