Mailinglist Archive: opensuse-security (343 mails)

Re: [suse-security] unwanted virus infected email spam
  • From: michael.ryan@xxxxxxxx
  • Date: Wed, 18 Jul 2001 15:36:10 +0100
  • Message-id: <OF84AA69C8.604EC921-ON80256A8D.00502D41@xxxxxxxx>

Michael/Martin

Thanks for the replies and info :)
At this point, I am strongly considering whether to simply reject all mail
with .scr or .vbs attachments - presumably, this requires an edit to my
sendmail.cf file ... question now is where/what exactly do I need to
change? ;)

Tnx, Michael





Martin Leweling <lewelin@uni-muenster.de>
07/18/2001 03:30 PM
Please respond to lewelin

To: michael.ryan@xxxxxxxx, suse-security@xxxxxxxx
cc:
Subject: Re: [suse-security] unwanted virus infected email spam






Hi,

On Wednesday 18 July 2001 15:39, michael.ryan@xxxxxxxx wrote:
> (kind of off topic)
> Has anyone been receiving periodic emails with virus infected attachments
> from an address purporting to be hahaha@xxxxxxxxxxx?

Yes. I've got three of them during the last three days. This is a virus
worm known as "Hybris". Its modular nature allows for uploading
new "features" all the time.

> It is really annoying me at this point because this w**ker seems to be
> sequentially trying all combinations ********@storm.ie and I am getting a
> couple of quarantine notifications every week from the antivirus software
> on our mail server.
>
> I did try adding a REJECT rule for hahaha@xxxxxxxxxxx to /etc/mail/access -
> this seemed to work for a week or two but the problem has since returned.
> Any ideas as to what I might try next as this kind of mindless activity
> really does my head in ...

Blocking this email address won't help, because there are other senders
with the same virus. The subject line and attachment names are also highly
variable. The only solution to identify it is to run "strings" on the
attachment and look for the appearance of the string "HYBRIS".

>
> Thanks,
>
> Michael

Regards,
Martin
--
Martin Leweling
Institut fuer Planetologie, WWU Muenster
Wilhelm-Klemm-Str. 10, 48149 Muenster, Germany

--
To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
For additional commands, e-mail: suse-security-help@xxxxxxxx
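
The check Martin describes, as an added example that is not part of the original thread: it decodes each attachment of a message, extracts printable runs the way strings(1) does, and reports attachments that contain the "HYBRIS" marker or carry the .scr/.vbs extensions Michael mentions. The function names and the sample messages are constructed for illustration, and the marker is the thread's heuristic, not a vetted signature.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

MARKER = b"HYBRIS"               # marker string named in the thread
RISKY_EXT = (".scr", ".vbs")     # extensions the poster considers rejecting
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")  # strings(1) default: >= 4 printable chars


def strings(data: bytes) -> list[bytes]:
    """Return printable-ASCII runs of length >= 4, like strings(1)."""
    return PRINTABLE_RUN.findall(data)


def scan_message(raw: bytes) -> list[dict]:
    """Decode every attachment and report marker hits and risky extensions."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""  # undoes base64 / quoted-printable
        findings.append({
            "filename": name,
            "marker": any(MARKER in s for s in strings(payload)),
            "risky_ext": name.lower().endswith(RISKY_EXT),  # case-insensitive match
        })
    return findings


def build_sample(filename: str, content: bytes) -> bytes:
    """Constructed test message: one text body plus one binary attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "rcpt@example.invalid"
    m["Subject"] = "constructed sample"
    m.set_content("body text")
    m.add_attachment(content, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    # Constructed inert bytes, not a real sample: binary noise around the marker.
    flagged = build_sample("joke.SCR", b"\x00\x01MZ\x90\x00xxHYBRISxx\xff\xfe")
    clean = build_sample("notes.txt", b"nothing to see here\n")
    for raw in (flagged, clean):
        print(scan_message(raw))
```

Scanning the decoded payload matters because attachments usually travel base64-encoded, so the marker never appears literally in the raw message.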





