[esa-l] Email worm warning

John D. Hardin jhardin at wolfenet.com
Thu Dec 16 14:00:05 PST 1999 

Please add the filenames in the attached message to your poisoned
executables list. The poisoned executables list is not case-sensitive.

Note that the sanitizer defangs the HTML scripting that is likely used
to automate this attack (I haven't seen a copy so I cannot say
positively), and the executable filenames will be mangled even if you
do not add them to the poisoned executables list, but if they are not
on the poisoned executables list the recipient will still receive the
message and will be able to save the attachment, rename it, and
execute it, thus infecting themselves.

--
 John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
 jhardin at wolfenet.com      pgpk -a finger://gonzo.wolfenet.com/jhardin
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  Failure to plan ahead on someone else's part does not constitute an
  emergency on my part.
                                  - David W. Barts in a.s.r
                                    <davidb at ce.washington.edu>
-----------------------------------------------------------------------
   16 days until the Y2K apocalypse - keep gold & ammo handy!



---------- Forwarded message ----------
Date: Thu, 16 Dec 1999 09:32:00 -0800
From: "MIS Department - CI Holding Group, Inc." <mis at ciholding.com>
To: jhardin at wolfenet.com
Subject: ALERT: NewApt for Poisoned list

Just keeps getting worse...

http://www.symantec.com/avcenter/venc/data/worm.newapt.html

# New Apt Files
g-zilla.exe
cooler3.exe
cooler1.exe
copier.exe
video.exe
pirate.exe
goal1.exe
hog.exe
party.exe
saddam.exe
monica.exe
boss.exe
farter.exe
cheeseburst.exe
panther.exe
theobbq.exe
goal.exe
baby.exe
bboy.exe
cupid2.exe
fborfw.exe
casper.exe
irnglant.exe
gadget.exe

i n f o r m a t i o n   t e c h n o l o g y   d e p a r t m e n t
-------------------------------------------------------------------------------
              C I  H O L D I N G  G R O U P ,  I N C
e-mail:// mis at ciholding.com      tel:// +1 (858) 673-8536
                     fax:// +1 (858) 673-9579


--------------------------------------------------------------------------
To remove yourself from the Email-Security-Announce list, send a message

More information about the esd-l mailing list