OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: michael.ryanstorm.ie
Date: Wed Jul 18 2001 - 09:36:10 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Michael/Martin

    Thanks for the replies and info :)
    At this point, I am strongly considering whether to simply reject all mail
    with .scr or .vbs attachments - presumably, this requires an edit to my
    sendmail.cf file ... question now is where/what exactly do I need to
    change? ;)

    Tnx, Michael

                                                                                                                         
                        Martin Leweling
                        <lewelinuni-mu To: michael.ryanstorm.ie, suse-securitysuse.com
                        enster.de> cc:
                                               Subject: Re: [suse-security] unwanted virus infected email spam
                        07/18/2001
                        03:30 PM
                        Please respond
                        to lewelin
                                                                                                                         
                                                                                                                         

    Hi,

    On Wednesday 18 July 2001 15:39, michael.ryanstorm.ie wrote:
    > (kind of off topic)
    > Has anyone been receiving periodic emails with virus infected attachments
    > from an address proporting to be hahahasexyfun.net?

    Yes. I've got three of them during the last three days. This is a virus
    worm known as "Hybris". It's modular nature makes allows for uploading
    new "features" all the time.

    > It is really annoying me at this point because this w**ker seems to be
    > sequentially trying all combinations ********storm.ie and I am getting a
    > couple of quarantine notifications every week from the antivirus software
    > on our mail server.
    >
    > I did try adding a REJECT rule for hahahasexyfun.net to /etc/mail/access
    -
    > this seemed to work for a week or two but the problem has since returned.
    > Any ideas as to what I might try next as this kind of mindless activity
    > really does my head in ...

    Blocking this email-Adress won't help, because there are other senders
    with the same virus. The subject line and attachment names are also highly
    variable. The only solution to identify it is to run "strings" on the
    attachment and looking for the appearance of the string "HYBRIS".

    >
    > Thanks,
    >
    > Michael

    Regards,
      Martin 

    --
Martin Leweling
Institut fuer Planetologie, WWU Muenster
Wilhelm-Klemm-Str. 10, 48149 Muenster, Germany

    --
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com

    -- 
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com