E-mail account disabling warning.
Dear user, the management of Suse.com mailing system wants to let you know that, We warn you about some attacks on your e-mail account. Your computer may contain viruses, in order to keep your computer and e-mail account safe, please, follow the instructions. For details see the attach. In order to read the attach you have to use the following password: 26753. Sincerely, The Suse.com team http://www.suse.com
Am Mittwoch, 3. März 2004 23:28 schrieb staff@suse.com:
Dear user, the management of Suse.com mailing system wants to let you know that,
We warn you about some attacks on your e-mail account. Your computer may contain viruses, in order to keep your computer and e-mail account safe, please, follow the instructions.
For details see the attach.
In order to read the attach you have to use the following password: 26753.
Sincerely, The Suse.com team http://www.suse.com
Sorry for this but it is annoying... Michael
On Wed, Mar 03, 2004 at 11:44:54PM +0100, Michael Dehn wrote:
Am Mittwoch, 3. März 2004 23:28 schrieb staff@suse.com:
Dear user, the management of Suse.com mailing system wants to let you know that,
We warn you about some attacks on your e-mail account. Your computer may contain viruses, in order to keep your computer and e-mail account safe, please, follow the instructions.
For details see the attach.
In order to read the attach you have to use the following password: 26753.
Sincerely, The Suse.com team http://www.suse.com
Sorry for this but it is annoying...
Smart virus too. The zip is encrypted, so scanning it is very hard. The scanner can't automatically unpack it. I am receiving quite a lot of these mails, I think this is going to be a big one :-( To get straight back on topic: does anybody know a good content scanner for sendmail? Preferably a milter. -- Erik Hensema (erik@hensema.net)
Erik Hensema wrote:
On Wed, Mar 03, 2004 at 11:44:54PM +0100, Michael Dehn wrote:
Am Mittwoch, 3. März 2004 23:28 schrieb staff@suse.com:
Dear user, the management of Suse.com mailing system wants to let you know that,
We warn you about some attacks on your e-mail account. Your computer may contain viruses, in order to keep your computer and e-mail account safe, please, follow the instructions.
For details see the attach.
In order to read the attach you have to use the following password: 26753.
Sincerely, The Suse.com team http://www.suse.com
Sorry for this but it is annoying...
Smart virus too. The zip is encrypted, so scanning it is very hard. The scanner can't automatically unpack it. I am receiving quite a lot of these mails, I think this is going to be a big one :-(
To get straight back on topic: does anybody know a good content scanner for sendmail? Preferably a milter.
We use amavis http://www.amavis.org and ClamAV http://www.clamav.net. I am currently using Postfix, but I used to use the amavis-milter when we were running sendmail. They are both great products. Amavis comes with SuSE, but the Clam Antivirus is a separate download. So far I haven't found anything to deal with passworded zip files. I heard something about trying each word in the message as a password (which would work well, for now) but I haven't heard anyone getting that to work automatically yet with anything. -- Pam
-----Original Message----- From: Erik Hensema [mailto:erik@hensema.net] Sent: 03 March 2004 23:46 To: Michael Dehn Cc: suse-security@suse.com Subject: Re: [suse-security] E-mail account disabling warning.
Am Mittwoch, 3. März 2004 23:28 schrieb staff@suse.com:
Dear user, the management of Suse.com mailing system wants to let you know that,
We warn you about some attacks on your e-mail account. Your computer may contain viruses, in order to keep your computer and e-mail account safe, please, follow the instructions.
For details see the attach.
In order to read the attach you have to use the following
On Wed, Mar 03, 2004 at 11:44:54PM +0100, Michael Dehn wrote: password:
26753.
Sincerely, The Suse.com team http://www.suse.com
Sorry for this but it is annoying...
Smart virus too. The zip is encrypted, so scanning it is very hard. The scanner can't automatically unpack it. I am receiving quite a lot of these mails, I think this is going to be a big one :-(
Okay, how to get round this? Possibly tell your scanner to reject .zip files containing files with extension .exe+. .com+ etc etc. I haven't actually received a single one of these .zip files, but the above tip was one I saw on the NTBugTraq list which apparently works with Norton Anti-Virus for Exchange V2.1. I imagine amavis/clamAV would be able to be configured this way. Sorry to sully this list with mention of Windows products (at least I'm not so sad and lonely as to insist on using pathetic name calling such as "Outbreak" etc)! Tom.
On 3/3/04 5:44 PM, "Michael Dehn" <mhdehn@arcor.de> wrote:
Am Mittwoch, 3. März 2004 23:28 schrieb staff@suse.com:
Dear user, the management of Suse.com mailing system wants to let you know that,
We warn you about some attacks on your e-mail account. Your computer may contain viruses, in order to keep your computer and e-mail account safe, please, follow the instructions.
For details see the attach.
In order to read the attach you have to use the following password: 26753.
Sincerely, The Suse.com team http://www.suse.com
Sorry for this but it is annoying...
Michael
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
What is it??? Is it from suse or fake? I've received a few of these odd ball things. -- Thanks, George "...Linux, MS-DOS, and Windows XP" (also known as the Good, the Bad, and the Ugly)
On 3/3/04 6:56 PM, "george" <gasjr4wd@mac.com> wrote:
What is it???
Is it from suse or fake?
I've received a few of these odd ball things.
Never mind- I should have continued reading the others first before posting. Sorry- -- Thanks, George Macintosh "Many Applications Crash, If Not, The Operating System Hangs"
Quoting staff@suse.com:
Dear user, the management of Suse.com mailing system wants to let you know that,
Maybe the suse staff should protect their mailing list from foolish windows using subscribers and deny their servers to forward mail to the mailinglist server with suse.com or .de sender, that does not come from their internal mail servers. Or using TLS and from servers with the proper cert. Now here is thought, I guess they already do this and my guess is... that somewhere in SuSE ppl are working which use... Nah this can't be! BB, Arjen
Maybe the suse staff should protect their mailing list from foolish windows using subscribers and deny their servers to forward mail to the mailinglist server with suse.com or .de sender, that does not come from their internal mail servers. Or using TLS and from servers with the proper cert.
There is a basic protection only letting through suscribed senders, but this didn't work, because there is no fdqn-check implemented in the mailing-system. A fdqn-check would help killing those not coming from the correct address. Even had fun with W32/Netsky.C@mm and other W32 Viruses from faked addresses on our networks with round about 5000 mails the last months. Philippe
participants (8)
-
Arjen Runsink -
Erik Hensema -
george -
Michael Dehn -
Philippe Vogel -
ppatters@cbnco.com -
staff@suse.com -
Tom Knight