RE: [Full-Disclosure] Netsky.P -> sneaky one!

From: Federated Information Security (FederatedInformationSecurity_at_federatedinv.com)
Date: 03/23/04

    To: "Andrew Aris" <andrew@dev.bigfishinternet.co.uk>, <full-disclosure@lists.netsys.com>
    Date: Tue, 23 Mar 2004 11:31:39 -0500
    
    

    Something different about netsky.p vs all the other variants: I'm
    seeing this one spread evenly across all my mail gateways. Earlier
    variants only hit my first MX record, this one is either ignoring MX
    weights or getting them backwards. Maybe that's why this one's making
    the rounds a bit more than other recent variants.

    We're living in interesting times when even viruses have hotfixes...

    -----Original Message-----
    From: full-disclosure-admin@lists.netsys.com
    [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Andrew Aris
    Sent: Tuesday, March 23, 2004 5:45 AM
    To: full-disclosure@lists.netsys.com
    Subject: [Full-Disclosure] Netsky.P -> sneaky one!

    Hi all,

    just had a mail through that NAV has detected as being Netsky.P, the
    text of the mail was:

    From: jaume@megacceso.com [mailto:jaume@megacceso.com]
    Sent: 23 March 2004 08:24
    To: ****
    Subject: Re: approved information

    Authentication required.

    +++ Attachment: No Virus found
    +++ MC-Afee AntiVirus - www.mcafee.com

    I thought the "MC-Afee" bit was a nice touch, might just convince a fair
    few people!

    regards,

    Andrew

    --
    big fish internet ltd, 8 beetham road, milnthorpe, cumbria LA7 7QR
    tel: +44 (0)15395 64580   http://www.bfinternet.co.uk
    big fish internet limited t/a bf internet registered in england no.
    3558791
    -- 
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
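
Added example (not part of the original messages): one way a mail administrator could check the MX observation in the reply above, by counting gateway detections per MX host and labelling whether senders honoured the preference values. The host names, preference values, log format, detection labels and thresholds are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Assumed MX set for a hypothetical domain; lower preference = tried first (RFC 5321).
MX_PREFS = {"mx1.example.com": 10, "mx2.example.com": 20, "mx3.example.com": 30}

# Constructed gateway AV log lines in a hypothetical "<gateway> <detection>" format.
SAMPLE_LOG = (
    ["mx1.example.com earlier-variant"] * 9
    + ["mx2.example.com earlier-variant"] * 1
    + ["mx1.example.com Netsky.P"] * 4
    + ["mx2.example.com Netsky.P"] * 3
    + ["mx3.example.com Netsky.P"] * 3
)

def hits_by_detection(lines):
    """Count detections per gateway, grouped by detection name."""
    counts = defaultdict(Counter)
    for line in lines:
        parts = line.split()
        if len(parts) != 2 or parts[0] not in MX_PREFS:
            continue  # skip malformed lines and hosts outside the MX set
        counts[parts[1]][parts[0]] += 1
    return counts

def classify(hits, prefs=MX_PREFS, dominant=0.8, tolerance=0.15):
    """Label how a sender population treated the MX preference values."""
    total = sum(hits.values())
    if total == 0:
        return "no-data"
    share = {host: hits.get(host, 0) / total for host in prefs}
    best = min(prefs, key=prefs.get)   # most preferred host (lowest value)
    worst = max(prefs, key=prefs.get)  # least preferred host (highest value)
    if share[best] >= dominant:
        return "honours-preference"
    if share[worst] >= dominant:
        return "inverted-preference"
    even = 1 / len(prefs)
    if all(abs(s - even) <= tolerance for s in share.values()):
        return "ignores-preference"
    return "mixed"

def report(lines=SAMPLE_LOG):
    """Map each detection name to its MX-behaviour label."""
    return {name: classify(hits) for name, hits in hits_by_detection(lines).items()}

if __name__ == "__main__":
    for name, label in sorted(report().items()):
        print(f"{name}: {label}")
```

An even spread can also appear when the primary gateway was unreachable or deferring mail during the window, so compare against legitimate traffic from the same period before drawing conclusions.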