[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] new virus: (fwd)

To: Ron Clark <ron@xxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] new virus: (fwd)
From: Daniel Tams <dantams@xxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 19 Sep 2003 20:51:56 +0200 (CEST)

On Fri, 19 Sep 2003, Ron Clark wrote:

> 
> 
> ---------- Forwarded message ----------
> Date: Fri, 19 Sep 2003 18:22:00 +0300
> From: Eero Volotinen <security@xxxxxxxx>
> To: Ron Clark <ron@xxxxxxxxxxxxxxxxxxxxx>
> Subject: Re: [Full-Disclosure] new virus:
> 
> Yes, it's swan virus.
> 
> --
> Eero
> 
> If you meant swen, this doesn't look like swen. Nothing mentioning
> micro$oft

Today I received a copy of both emails and they both came from the same
host within a 15 minute interval. That makes me also believe that they are
connected somehow.

Maybe a computer infected by either worm will propagate using both types?

Return-Path: <info@xxxxxxxxxxxxxxxx>
Delivered-To: dantams@xxxxxxxxxxxxxxxxxxxxx
Received: (qmail 13136 invoked from network); 19 Sep 2003 18:01:13 -0000
Received: from kellylake96-79.cyberbeach.net (HELO 
mail.personainternet.com) (216.104.96.79)
  by ratbert.danieltams.dyndns.org with SMTP; 19 Sep 2003 18:01:13 -0000
Received: (qmail 5864 invoked from network); 19 Sep 2003 18:00:56 -0000
Received: from unknown (HELO xdzodhgt) ([24.139.19.217])
          (envelope-sender <info@xxxxxxxxxxxxxxxx>)
          by mail.personainternet.com (qmail-ldap-1.03) with SMTP
          for <cwage@xxxxxxxxxxxxxx>; 19 Sep 2003 18:00:56 -0000
FROM: "Microsoft Security Bulletin" <sftrlxuiylqcma@xxxxxxxxxxxxxxxxxxx>
TO: "Customer" <okyq_cfrnzhu@xxxxxxxxxxxxxxxxxxx>
SUBJECT: New Net Upgrade
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="knpuhfthdimw"

Return-Path: <info@xxxxxxxxxxxxxxxx>
Delivered-To: dantams@xxxxxxxxxxxxxxxxxxxxx
Received: (qmail 21824 invoked from network); 19 Sep 2003 18:14:32 -0000
Received: from kellylake96-79.cyberbeach.net (HELO 
mail.personainternet.com) (216.104.96.79)
  by ratbert.danieltams.dyndns.org with SMTP; 19 Sep 2003 18:14:32 -0000
Received: (qmail 12395 invoked from network); 19 Sep 2003 18:14:16 -0000
Received: from unknown (HELO wyxpcpmu) ([24.139.19.217])
          (envelope-sender <info@xxxxxxxxxxxxxxxx>)
          by mail.personainternet.com (qmail-ldap-1.03) with SMTP
          for <payal-bsd@xxxxxxxxxxxx>; 19 Sep 2003 18:14:16 -0000
FROM: "" <xmailservice@xxxxxxxxxxx>
TO: "Internet Recipient" <user@xxxxxxxxxxxxxx>
SUBJECT: Error Advice
Mime-Version: 1.0
Content-Type: multipart/alternative;
        boundary="dmpkrr"

- Daniel

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] new virus: (fwd)
  - From: Kye Lewis

References:
- Re: [Full-Disclosure] new virus: (fwd)
  - From: Ron Clark

Prev by Date: Automat? Was (Re: [Full-Disclosure] new virus: )
Next by Date: Re: [Full-Disclosure] Knox Arkeia 5.1.21 local/remote root exploit
Previous by thread: Re: Automat? Was (Re: [Full-Disclosure] new virus: )
Next by thread: Re: [Full-Disclosure] new virus: (fwd)
Index(es):
- Date
- Thread