Mailinglist Archive: opensuse-security (343 mails)

Re: [suse-security] unwanted virus infected email spam

On Wednesday 18 July 2001 15:39, michael.ryan@xxxxxxxx wrote:
> (kind of off topic)
> Has anyone been receiving periodic emails with virus infected attachments
> from an address purporting to be hahaha@xxxxxxxxxxx?

Yes. I've got three of them during the last three days. This is a virus
worm known as "Hybris". Its modular nature allows for uploading
new "features" all the time.

> It is really annoying me at this point because this w**ker seems to be
> sequentially trying all combinations ******** and I am getting a
> couple of quarantine notifications every week from the antivirus software
> on our mail server.
> I did try adding a REJECT rule for hahaha@xxxxxxxxxxx to /etc/mail/access -
> this seemed to work for a week or two but the problem has since returned.
> Any ideas as to what I might try next as this kind of mindless activity
> really does my head in ...

Blocking this email address won't help, because there are other senders
with the same virus. The subject line and attachment names are also highly
variable. The only solution to identify it is to run "strings" on the
attachment and look for the appearance of the string "HYBRIS".

> Thanks,
> Michael

Martin Leweling
Institut fuer Planetologie, WWU Muenster
Wilhelm-Klemm-Str. 10, 48149 Muenster, Germany
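
The check described in the reply above, applied to a whole mail message rather than a saved attachment, as an added example that is not part of the original post. The function names and the sample messages are constructed for illustration; the sample attachments are harmless bytes that merely contain or omit the marker string.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

MARKER = b"HYBRIS"  # marker string named in the reply above
MIN_RUN = 4         # default minimum run length used by strings(1)


def printable_strings(data, min_run=MIN_RUN):
    """Return runs of printable ASCII, as strings(1) reports for a binary."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_run, data)


def flagged_attachments(raw_message, marker=MARKER):
    """Return filenames of attachments whose decoded bytes contain marker."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        # Undo the base64 / quoted-printable transfer encoding first;
        # the marker is not visible in the encoded form.
        payload = part.get_payload(decode=True) or b""
        if any(marker in s for s in printable_strings(payload)):
            hits.append(part.get_filename() or "(unnamed)")
    return hits


def build_sample(attachment_bytes, filename):
    """Constructed test message (hypothetical addresses, no real malware)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "postmaster@example.invalid"
    msg["Subject"] = "constructed sample"
    msg.set_content("body text")
    msg.add_attachment(attachment_bytes, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    marked = build_sample(b"\x00\x01junk\x00HYBRIS\x00\xff", "a.exe")
    clean = build_sample(b"\x00\x01nothing here\x00\xff", "b.exe")
    print(flagged_attachments(marked))
    print(flagged_attachments(clean))
```

The match is on the attachment name-independent content only, so it is unaffected by changing senders, subjects or filenames; attachments inside archives are not unpacked by this sketch.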
