Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Bounced emails with viral attachments - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Bounced emails with viral attachments
Users have been reporting a rise in bounced email messages with virus attachments. This may indicate a rise in machines infected with a MiMail.* style worm.

I should stress the importance of properly configuring your Anti-Virus Gateway to strip attachments on bounced mail messages.

Your users should be informed (yet again :-) not to click on an attachment in a bounced email message, especially if they did not send it out to begin with.

A couple of messages that were reported matched the file names associated with Mimail.E. For more on Mimail, see the references below:

http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.e@mm.html
http://www.sophos.com/virusinfo/analyses/w32mimaile.html

We have also noticed an upswing in both 53/UDP (possibly a gradual increase in Sinit/Calpso traffic) as well as 2234/TCP (Directplay). Are all the gamers fragging tonight, or is something else lurking?

Port 53/UDP traffic:
http://isc.sans.org/port_details.html?port=53

Port 2234/TCP traffic:
http://isc.sans.org/port_details.html?port=2234

For more on Sinit/Calypso, see the recent Handlers diary: http://isc.sans.org/diary.html?date=2003-12-16

---------

Handler on Duty: Mike Poor http://www.digitalguardian.net
Mike

49 Posts

Sign Up for Free or Log In to start participating in the conversation!