Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Virus
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: New/recent virus outbreak

from [Nick Duda] Network Security [Permanent Link]
Subject: RE: New/recent virus outbreak
Date: Wed, 20 Apr 2005 18:02:22 -0400 
What I can add to this is that Trend Micro wasnt detecting this Toofo.F 
properly. I called them and they acknowledged they had a problem with the DAT 
file (many customers called) and would have an update for it by end of day. Our 
Symantec AV (on the workstations) was picking them up and removing it.
 
Yes, the source from address was spoofed to look like it came from the user it 
went to (ie: if it went to John Doh , it came from JDoh), of course the headers 
where a different story. As of now still no fix from Trend....

        -----Original Message----- 
        From: Dan Denton [mailto:ddenton@PAYLESSOFFICE.com] 
        Sent: Wed 4/20/2005 3:36 PM 
        To: focus-virus@securityfocus.com 
        Cc: 
        Subject: New/recent virus outbreak
        
        

        Have anyone seen any virus infected emails coming from addresses with
        usernames identical to those on your own email servers, but from domains
        like hotmail.com or netzero.com ? These emails seem to be sent from a
        spoofed email address such as example.user@netzero.com, and are sent to
        example.user@mydomain.com.
        
        Also, the attached files are always zip files, and have been named
        4.zip, 5.zip, 6.zip, and work.zip .
        
        A bounce message from one of our customers suggests they blocked an
        email from on of our users that was infected with trojan.tooso.F, but
        the emails stopped don't exhibit those characteristics, And even
        Symantec's write-up says this virus doesn't send it's own emails.
        
        Is it possible there's a beagle variant that is spreading the Tooso
        trojan as part of it's payload? Thanks in advance.
        
        Dan Denton
        Information Technology Manager, CCNA
        Pay-LESS Office Products
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: New/recent virus outbreak, Beauford, Jason
Next by Date:  RE: New/recent virus outbreak, Tallat Haq
Previous by Thread:  RE: New/recent virus outbreak, Tallat Haq
Next by Thread:  Re: New/recent virus outbreak, Ron Brown
Indexes:  [Date] [Thread] [Top] [All Lists]