Hosting Provided By

klez variant??

From: Peter Snell <PSnell(at)daymon.com>
Date: Thu Jan 30 2003 - 13:11:25 EST

Over the past 2 days, we have been seeing a resurgence of Klez type activity. However, this appears to be getting past our a/v software. The symptoms we see are:

spoofed email address
unusual subject
no body
attachments with .scr, .bat, .exe, .jpg extensions (there may be others, but this is what we've examined so far)
when the email is opened, even in preview pane, it launches Media Player but is unable to find the specified file.

Has anyone else seen this type of activity lately, or have any thoughts on this?

Thanks,

Peter

Peter Snell, MCP
LAN Admin
Daymon Associates
* (210) 299-8164
* psnell@daymon.com

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Fri Jan 31 12:35:56 2003

This message: [ Message body ]
Next message: greg(at)optionsinternet.com: "RE: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip)"
Previous message: Kurt Seifried: "Re: Packet from port 80 with spoofed microsoft.com ip"
Next in thread: James C Slora Jr: "RE: klez variant??"
Reply: James C Slora Jr: "RE: klez variant??"
Reply: Nick FitzGerald: "Re: klez variant??"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:56 EDT