Eskimo North



Forged Virus: "Status"





Early Sunday morning, an attachment email was sent via this list
(outages-list) spoofed to appear to be from Robert (nanook) when it really
came from a mail server in Lithuania (*.lt) that did not have valid DNS.

    Feb  8 02:09:49 mx2 sendmail[15899]: CAA15899: from=<nanook@eskimo.com>,
    ... bodytype=8BITMIME, proto=ESMTP, relay=[217.17.86.15]

    inetnum:      217.17.86.0 - 217.17.86.255
    netname:      MVTV_NAT_6
    descr:        Mikrovisatos TV cliants NAT pool number 6
    country:      LT

The attachment (doc.zip) appears suspiciously like the 'Mydoom'/'Novarg'
virus (same Subject, one of the listed file names, forged 'From' line,
etc.), so please be sure any anti-virus software you have is updated if you
opened the attachment over the weekend without realizing.

I've added a rule in this list's recipes to prevent such address
spoofing/forging -- it had been in place earlier, but recent rebuilds of
SmartList had replaced the modified file (rc.submit).  Took a while today
to rebuild the rule from scratch and run some tests on my own inbox before
making it live in the outages-list ruleset.

~ Eric


Eskimo North Support   | Voice Numbers - (206)812-0051 or 800-246-6874
support@eskimo.com     |   Voice help available 7am to 10:45pm Mon-Fri
PO Box 55816           |      and 11am to 6:45pm Saturday and Sunday
Seattle, WA 98155-0816 |          Fax us at - (206)812-0054
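
The sendmail entry quoted in the message shows the two signals that gave the forgery away: an envelope sender in the local domain, and a relay logged only as a bracketed IP. The following is an added example, not part of the original post and not the procmail rule from rc.submit (which the post does not show); it scans sendmail `from=` lines for that pattern. `LOCAL_DOMAINS`, `TRUSTED_NETS` and the sample log lines are assumptions constructed for the illustration.

```python
import ipaddress
import re

# Assumptions for this example: the protected sender domain and the networks
# allowed to submit mail for it. 192.0.2.0/24 is a documentation range.
LOCAL_DOMAINS = {"eskimo.com"}
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24"), ipaddress.ip_network("127.0.0.0/8")]

# sendmail "from=" line: queue id, envelope sender, then relay=[ip] or relay=host [ip]
FROM_LINE = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): from=<(?P<sender>[^>]*)>,.*?relay="
    r"(?P<host>[^\s\[,]+)?\s*(?:\[(?:IPv6:)?(?P<ip>[0-9a-fA-F.:]+)\])?"
    r"(?:\s+\(may be forged\))?\s*$"
)

def find_forged_local_senders(lines):
    """Return findings for local-domain envelope senders arriving from untrusted relays."""
    findings = []
    for line in lines:
        m = FROM_LINE.search(line)
        if not m or not m.group("ip"):
            continue  # not a from= line, or locally submitted (no relay IP logged)
        domain = m.group("sender").rpartition("@")[2].lower()
        ip = ipaddress.ip_address(m.group("ip"))
        if domain in LOCAL_DOMAINS and not any(ip in net for net in TRUSTED_NETS):
            findings.append({
                "qid": m.group("qid"),
                "sender": m.group("sender"),
                "relay_ip": str(ip),
                # sendmail logs only "[ip]" when the reverse lookup gave no hostname
                "no_reverse_dns": m.group("host") is None,
            })
    return findings

# Constructed sample log lines (the first mirrors the shape of the entry in the post).
SAMPLE_LOG = [
    "Feb  8 02:09:49 mx2 sendmail[15899]: CAA15899: from=<nanook@eskimo.com>, size=23040, "
    "class=0, nrcpts=1, bodytype=8BITMIME, proto=ESMTP, relay=[217.17.86.15]",
    "Feb  8 02:11:02 mx2 sendmail[15920]: CAA15920: from=<nanook@eskimo.com>, size=1201, "
    "class=0, nrcpts=1, proto=ESMTP, relay=shell.example.net [192.0.2.25]",
    "Feb  8 02:12:30 mx2 sendmail[15931]: CAA15931: from=<someone@example.org>, size=900, "
    "class=0, nrcpts=1, proto=SMTP, relay=mail.example.org [198.51.100.7]",
]

if __name__ == "__main__":
    for finding in find_forged_local_senders(SAMPLE_LOG):
        print(finding)
```

The envelope sender is only one place a sender address can be forged; a list-side rule also has to consider the message's `From:` header, which this log check does not see.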