Users have been reporting a rise in bounced email messages with virus attachments. This may indicate a rise in machines infected with a MiMail.* style worm.
I should stress the importance of properly configuring your Anti-Virus Gateway to strip attachments on bounced mail messages.
Your users should be informed (yet again :-) not to click on an attachment in a bounced email message, especially if they did not send it out to begin with.
A couple of messages that were reported matched the file names associated with Mimail.E. For more on Mimail, see the references below:
We have also noticed an upswing in both 53/UDP (possibly a gradual increase in Sinit/Calpso traffic) as well as 2234/TCP (Directplay). Are all the gamers fragging tonight, or is something else lurking?
Port 53/UDP traffic:
Port 2234/TCP traffic:
For more on Sinit/Calypso, see the recent Handlers diary: http://isc.sans.org/diary.html?date=2003-12-16
Handler on Duty: Mike Poor http://www.digitalguardian.net
Dec 19th 2003
1 decade ago