HERB - warning... (Atten, Mod!!)

j'lynn yeates jyeates at realtime.net
Tue Dec 5 15:25:25 PST 2000


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> -----Original Message-----
> From: owner-herbalist at ansteorra.org
> [mailto:owner-herbalist at ansteorra.org]On Behalf Of Wolf Kestris
> Rowanwood
> Sent: Tuesday, December 05, 2000 16:31
> To: herbalist at ansteorra.org
> Subject: Re: HERB - warning... (Atten, Mod!!)
> 
> 
> Not sure if anyone else has been getting this or not.
> But that Snowhite email that contains the Hybrid .exe virus, is
> still circulating the list. I've gotten the email 4 times now. Not 
> sure who it is coming from, either deliberately or accidentally, as it 
> doesn't show a sender beyond ' HaHaHa', and I wasn't about to open
> it to try to find out.  

only 4?  as of the last one i got from this list a short while ago,
i'm up to an even dozen interceptions & automatic quarantines by
Norton AV 2001 - all intercepted from three scadian elists (this one
and 2 others).  

the header data on these are rather interesting (after defusing the
payloads by NAV, been saving all of the host messages out of
curiosity) .. provides maps where they came from (the message body is
safe ... it's only text, the infected executable payload in the
attachment named as a screen saver - read the message, it cons you
into "looking", you open the attachment, run the screen saver, your
system is infected, and the virus is passed along via that person's
addressbook to the next victim(s) - in this case the sender has the
scadian elist(s) in their addressbook ... so it vectors to a one-many
delivery & cycle continues)

until this idiocy ends, perhaps the list owner might want to
terminate the processing of attachments by the server .... would
close down the elist / newsgroup vector for this particular variant,
though you're still on your own to protect against the direct
point-point email exploits .. in interim, i suggest that those who
are concerned create a simple filter on their email client that
automatically deletes all messages from "Hahaha" or that has the
"seven dwarf" subject line (even better if your client allows you
to do that on the email server you use before you download ....) .
and keep those antivirus clients up to date!
 
also, the list owner needs to manually go into the archives for this
list and DELETE all instances of these infected messages ... until
then they are landmines ... anyone who opens them from those archives
is potentially at risk.

> -Wolf

'wolf
... discordia lo volt! 

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBOi15Zc50zdvN3Vp0EQKONACeN7c4KeG2DNW1QmzNVyu1IGAGy6YAnAzu
QEsNieC7JNv+mZ/TwXdxqLEp
=BmE/
-----END PGP SIGNATURE-----
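
The filter and archive clean-up suggested in the message above, sketched as an added example (not part of the original post, and not any list server's own code). It flags a message by the "Hahaha" sender, the "seven dwarf" subject phrase, or an attachment named as an executable or screen saver; the extension list, function names and sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

SENDER_MARK = "hahaha"          # sender name reported in the thread
SUBJECT_MARK = "seven dwarf"    # subject phrase reported in the thread
BLOCKED_EXT = (".exe", ".scr")  # assumed list: executable / screen-saver names

def classify(raw: bytes):
    """Return (verdict, reasons); verdict is 'quarantine' or 'deliver'."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    name, addr = parseaddr(str(msg.get("From", "")))
    if SENDER_MARK in f"{name} {addr}".lower():
        reasons.append("sender")
    if SUBJECT_MARK in str(msg.get("Subject", "")).lower():
        reasons.append("subject")
    for part in msg.walk():
        # Windows drops trailing dots/spaces when saving, so "x.scr." is "x.scr"
        fname = (part.get_filename() or "").lower().rstrip(" .")
        if fname.endswith(BLOCKED_EXT):
            reasons.append(f"attachment:{fname}")
    return ("quarantine" if reasons else "deliver"), reasons

def sweep(archive):
    """Indexes of archived raw messages that should be pulled from the archive."""
    return [i for i, raw in enumerate(archive) if classify(raw)[0] == "quarantine"]

def make_sample(sender, subject, attachment=None):
    """Build a constructed test message (not real traffic)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "list@example.org", subject
    m.set_content("plain text body")
    if attachment:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()

ARCHIVE = [  # constructed samples
    make_sample("Member <member@example.org>", "Re: drying rosemary"),
    make_sample("Hahaha <hahaha@example.invalid>", "the Seven Dwarfs", "saver.SCR"),
    make_sample("Member <member@example.org>", "photos", "garden.scr."),
    make_sample("Member <member@example.org>", "recipe", "tea.txt"),
]

if __name__ == "__main__":
    for i, raw in enumerate(ARCHIVE):
        print(i, *classify(raw))
```

The third sample shows why the attachment check matters on its own: a copy forwarded from a list member's address book carries neither the sender name nor the subject phrase.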
