Re: [suse-security] unwanted virus infected email spam
Michael/Martin
Thanks for the replies and info :)
At this point, I am strongly considering whether to simply reject all mail
with .scr or .vbs attachments - presumably, this requires an edit to my
sendmail.cf file ... question now is where/what exactly do I need to
change? ;)
Tnx, Michael
Martin Leweling
(kind of off topic) Has anyone been receiving periodic emails with virus infected attachments from an address purporting to be hahaha@sexyfun.net?
It is really annoying me at this point because this w**ker seems to be sequentially trying all combinations ********@storm.ie and I am getting a couple of quarantine notifications every week from the antivirus software on our mail server.
I did try adding a REJECT rule for hahaha@sexyfun.net to /etc/mail/access
Yes. I've got three of them during the last three days. This is a virus worm known as "Hybris". Its modular nature allows for uploading new "features" all the time.
this seemed to work for a week or two but the problem has since returned. Any ideas as to what I might try next as this kind of mindless activity really does my head in ...
Blocking this email address won't help, because there are other senders with the same virus. The subject line and attachment names are also highly variable. The only solution to identify it is to run "strings" on the attachment and look for the appearance of the string "HYBRIS".
Thanks,
Michael
Regards, Martin
--
Martin Leweling
Institut fuer Planetologie, WWU Muenster
Wilhelm-Klemm-Str. 10, 48149 Muenster, Germany
Although I don't know where you edit sendmail.cf (probably have to recompile it) but... When you find out HOW. Ya ought to add these too:

I'd allow *.JPG,*.JPEG,*.PNG,*.GIF,*.ICO,*.WMF,*.EMF,*.VCF,*.EML,*.MSG

I'd disable HAPPY99.EXE,LOVELETTER*.VBS,*.PIF,*.SCR,*.SHS,*.EML

I'd warn *.*,*.EXE,*.COM,*.BAT,*.CMD,*.VBS,*.JS,*.PL,*.BAS,*.JAVA,*.REG,*.EML
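An added example, not code from anyone in this thread: a stand-alone Python filter that applies the allow/disable/warn patterns from the post above to each attachment of a message and also checks the decoded payload for the "HYBRIS" string mentioned earlier. It is not wired into sendmail; because *.EML appears in all three lists, the precedence disable > allow > warn is an assumption, and the sample message is constructed.

```python
import fnmatch
from email import message_from_bytes, policy
from email.message import EmailMessage

# Patterns from the post above. *.EML is in all three lists there, so the
# precedence disable > allow > warn is an assumption of this example.
DISABLE = "HAPPY99.EXE LOVELETTER*.VBS *.PIF *.SCR *.SHS *.EML".split()
ALLOW = "*.JPG *.JPEG *.PNG *.GIF *.ICO *.WMF *.EMF *.VCF *.EML *.MSG".split()
MARKER = b"HYBRIS"  # string the thread suggests looking for with strings(1)


def verdict(filename, payload=b""):
    """Return 'disable', 'allow' or 'warn' for one attachment."""
    name = (filename or "").strip().upper()  # match case-insensitively
    if MARKER in payload:
        return "disable"  # content match wins over any file name
    if any(fnmatch.fnmatchcase(name, p) for p in DISABLE):
        return "disable"  # also catches double extensions like x.jpg.scr
    if any(fnmatch.fnmatchcase(name, p) for p in ALLOW):
        return "allow"
    return "warn"  # the *.* catch-all in the warn list


def scan(raw):
    """Return [(filename, verdict)] for every attachment in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    out = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""  # undo base64/QP first
        out.append((part.get_filename(), verdict(part.get_filename(), data)))
    return out


def sample():
    """Constructed test message; the payload bytes are harmless filler."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.org", "test"
    m.set_content("body")
    m.add_attachment(b"GIF89a", maintype="image", subtype="gif", filename="logo.gif")
    m.add_attachment(b"MZ\x00", maintype="application", subtype="octet-stream", filename="Photo.jpg.scr")
    m.add_attachment(b"xxHYBRISxx", maintype="application", subtype="octet-stream", filename="notes.png")
    m.add_attachment(b"hi", maintype="application", subtype="octet-stream", filename="run.bat")
    return m.as_bytes()


if __name__ == "__main__":
    for name, v in scan(sample()):
        print(f"{v:8} {name}")
```

The payload check runs on the decoded attachment bytes, so a renamed file (notes.png in the sample) is still caught even though its extension is on the allow list.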
participants (2): michael.ryan@storm.ie, phil