PhreeZone

New VIRUS

Thought I'd pass this one on. I'm currently dealing with the infection at work and figured I'd save someone a headache.
It's an email virus, subject of HI, and it has an attachment of a screen saver. Don't open it or you'll make your email admins really pissed.
http://vil.nai.com/vil/virusSummary.asp?virus_k=99272
I'm not sure what to put here right now.....

It's not damaging except in the fact that it clogs mail servers and deletes your antivirus and firewall programs. Removal is very easy even if you don't have an anti-virus program. Just follow the steps on the page I had on my first link.
BTW, 1:10 after the first one hit, my company is clean. 5000+ users and it's stopped spreading and just small areas are left to deal with, not too bad if I do say so :)
I'm not sure what to put here right now.....

Me likes postfix. This is from our mail logs:
Dec 4 11:36:32 mailhost postfix/cleanup[5758]: 6C894BC015: reject: body ?name="gone.scr"; from= to=
Dec 4 11:49:02 mailhost postfix/cleanup[6275]: 6FDFDBC031: reject: body ?name="gone.scr"; from= to=
Dec 4 12:32:02 mailhost postfix/cleanup[8879]: 0E4EDBC019: reject: body ?name="gone.scr"; from= to=
Blah. The list goes on....

Thanks Phree!
I just downloaded the patch and warned all our users. Unfortunately we don’t have the virus detection running at the exchange server level yet (where it should be) so I have to rely on each of the users (many of whom are idiots) to update at the machine level. Thanks for the heads up.
-Larry

Don't feel too bad about that Larry. We have Norton Antivirus for Exchange and NEMX Powertools (a content filterer) and we still managed to get hit. We were blocking off *.scr attachments using NEMX, but somebody opened the attachment through hotmail or something similar. Norton didn't pick it up because it wasn't in the definitions yet and NEMX didn't reject it because it was originating from inside the organization (it filters at the Internet Mail Connector). We ended up disconnecting our mail server from the network for about 2 hours until Symantec released the new virus definitions that would detect/clean the virus off the server. Not too bad as these things go, but certainly not fun.

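The log lines and the *.scr blocking described in the posts above both key on the attachment's file name. As an added example (not code from any poster, Postfix or NEMX), here is the same check done on the parsed MIME structure, so it covers names given in either header, RFC 2231 encoding, mixed case and trailing dots. The block list, function name and sample message are assumptions made for this example.

```python
import os
from email import message_from_string

# Assumed block list for this example; the thread itself only names *.scr.
BLOCKED = {".scr", ".pif", ".exe", ".com", ".bat", ".vbs"}

# Constructed message: a part named only through Content-Type name=, a benign
# .ppt, and an RFC 2231 encoded name with a double extension and trailing dot.
SAMPLE = """\
Subject: Hi
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: application/octet-stream; name="gone.scr"

data
--XX
Content-Type: application/vnd.ms-powerpoint
Content-Disposition: attachment; filename="briefing.ppt"

data
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename*=UTF-8''Photo.JPG.SCR.

data
--XX--
"""


def blocked_attachments(raw_message, blocked=BLOCKED):
    """Return the names of MIME parts whose final extension is blocked."""
    hits = []
    for part in message_from_string(raw_message).walk():
        # get_filename() reads Content-Disposition filename= and falls back to
        # Content-Type name=, decoding RFC 2231 encoded values.
        name = part.get_filename()
        if not name:
            continue
        # Windows drops trailing dots and spaces from names; strip, lowercase.
        ext = os.path.splitext(name.rstrip(". ").lower())[1]
        if ext in blocked:
            hits.append(name)
    return hits


if __name__ == "__main__":
    print(blocked_attachments(SAMPLE))
```
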
We don't let any attachments in our network. If an attachment comes through, it gets held up at the gateway and an email is sent to the receiver saying that there is an attachment. If you can prove that it's business related then you can have it.
Saves anything getting through.
Freemind, freesky, freebeer, freefly, freesex

Quote

This is the bitch of working for the government


Hehe, yeah actually we do work for the government and that's at least part of the problem. None of the 'head honchos' are willing to let Information Systems block the security holes like hotmail. We also can't block all attachments, because the government is famous for their 50mb Powerpoint briefings.
