[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] New MyDoom or Netsky variant?
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] New MyDoom or Netsky variant?
- From: Timothy Chase <timothychase@xxxxxxxxx>
- Date: Mon, 19 Jul 2004 19:26:39 -0700
Mary,
You have a good eye!
According to Sophos, there is a new W32/MyDoom-N, and they have
updated their signature files accordingly. You can expect that all
the major antivirus companies will quickly follow suite if they
haven't already.
I just had a Dabber on ports 5554 and 8967... Old stuff, but the bug
is helping me debug.
On Mon, 19 Jul 2004 16:42:04 -0700 (PDT), mnv@xxxxxxxxxxxxxxxxxxxx
<mnv@xxxxxxxxxxxxxxxxxxxx> wrote:
> FWIW:
> Using NAV Pro 10.0.1.13, Virus Def's updated today, to
> 7/17/2004 defs. Received 3 emails, 44kb attachment,
> none detected as a virus.
>
> BODY OF EMAIL:
> The original message was received at Tue, 20 Jul 2004
> 11:21:16 +1200
> from alumni.princeton.edu [(IP here varies each email)
>
> ----- The following addresses had permanent fatal
> errors -----
> <mnv@xxxxxxxxxxxxxxxxxxxx>
>
> ----- Transcript of session follows -----
> while talking to alumni.princeton.edu.:
> >>> MAIL From:"Automatic Email Delivery Software"
> <postmaster@xxxxxxxxxxxxxxxxxxxx>
> <<< 501 "Automatic Email Delivery Software"
> <postmaster@xxxxxxxxxxxxxxxxxxxx>...
> Refused
>
> ATTACHMENTS:
> message.zip
> letter.com
> pni.zip
>
> Subjects:
> Test
> <none>
> Returned mail: Data format error
>
> And a 4th, subject "Deliveryfailed" that just shows up
> as garbage text in the body, webmail indicates
> attachment present.
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html