31 Jan
2004
31 Jan
'04
8:17 p.m.
On Jan 31, 18:36, chris wrote:
worm.
>The message contains Unicode characters and has
been sent as a
binary
attachment.
Despite allegedly coming from me, I was not the sender of the above
email. I assure you none of my Macs are infected with this Windows :-)
Someone else with my addy on their machine has been infected. IP in
the
header traces back to RIPE Networks in Amsterdam.
Fortunately, it appears the list strips attachments, so the email is
nothing more harmful then a minor annoyance to the list.
Yes, this is standard MyDoom/Novarg. It spoofs the sender in the
"From:" and for good measure uses their hostname in the SMTP exchange
when it contacts the destination. Then it adds a zipfile which
contains the payload.
The list does strip attachments -- you can't send attachments to this
list, nor HTML.
Incidentally, Sellam: just not using OE isn't a cure. It might reduce
the problem, but enough people will save and then open attachments
anyway; besides, there are other ways of passing a virus or worm. I've
seen a few of these at work last week. I blackholed about ten
machines.
--
Pete Peter Turnbull
Network Manager
University of York