[plug] Nasty Virus Warnings

Craig Foster fostware at iinet.net.au
Tue Oct 2 10:58:22 WST 2001


FYI

Previously, you could guess which e-mails were viruses (eg the Wife
sending Kournikova pics - yeah right!!)
Now this is just getting real nasty.


-------------------------------------------------------
From SecurityFocus (http://www.securityfocus.com/)

Trojan horse disguised as message from SecurityFocus and TrendMicro
by SecurityFocus

An e-mail message claiming to come from the SecurityFocus ARIS Analyst
Team and TrendMicro is being used to deliver what appears to be a Trojan
horse to unsuspecting users.

Do *not* run this attachment. These messages do not come from TrendMicro
or SecurityFocus, as a quick check of the headers will reveal.

The e-mail message comes with an executable attachment named
FIX_NIMDA.exe. The name is similar to the one used by TrendMicro for their
free Nimda removal tool (FIX_NIMDA.com).

<snip>

(more on the web page...)

------------------------------------------------------

The nasty e-mail looks like this...

To: XXXXXXX at XXXXXXXX.XXX.XX
Subject: Possible Nimda Worm infection
Attachment: "FIX_NIMDA.exe"

Hello,
This mail is from the ARIS Analyzer Service (Attack Registry and
Intelligence Service) from SecurityFocus in cooperation with Trend Micro
Incorporated. As you are probably aware from the media, the Nimda worm
started spreading.
It has come to our attention that your system(s), listed below have been
identified as being compromised by the Nimda Worm.
The Nimda Worm is rapidly spreading across the Internet. The addresses
identified as belonging to you are as follows:

<insert e-mail addresses here>

You can find up to date information on the Nimda Worm at:

http://aris.securityfocus.com

It is very important that you are checking your Systems that have used
with the identified addresses
with the special Anti Nimda Software that we send you with this mail.
(FIX_NIMDA.EXE)

It is also important that you are updating all your systems.
For this please show at the following URL

http://www.microsoft.com/technet/security/bulletin/MS01-020.asp1-26.html



The SecurityFocus ARIS Analyst Team
aris-report at securityfocus.com

with
--------------------------------------------------------


Craig Foster
fostware at iinet.net.au
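
The "quick check of the headers" the advisory mentions, sketched as an added example (not code from this post or from SecurityFocus). The sample message is constructed: its hosts and routing headers are invented, and the function names and the extension list are assumptions of the example.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: hosts and routing headers are invented for the example;
# only the Subject, the securityfocus.com sender and the attachment name
# come from the post.
SAMPLE = """\
Return-Path: <bulk@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [192.0.2.25])
\tby mx.recipient.example with SMTP; Mon, 1 Oct 2001 20:15:02 +0800
From: "ARIS Analyst Team" <aris-report@securityfocus.com>
Subject: Possible Nimda Worm infection
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Hello, ...
--b1
Content-Type: application/octet-stream; name="FIX_NIMDA.exe"
Content-Disposition: attachment; filename="FIX_NIMDA.exe"

AAAA
--b1--
"""

RISKY_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".vbs")  # assumed policy list

def domain(header_value):
    # Lower-cased domain of the address in a From/Return-Path header.
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Return a list of reasons this message should not be trusted."""
    msg, findings = message_from_string(raw), []
    claimed, envelope = domain(msg["From"]), domain(msg["Return-Path"])
    if envelope and envelope != claimed and not envelope.endswith("." + claimed):
        findings.append(f"From is {claimed} but Return-Path is {envelope}")
    # Received headers are prepended, so index 0 was written by our own server.
    hops = msg.get_all("Received") or []
    if hops and claimed not in hops[0].lower():
        findings.append(f"handing-off host is not under {claimed}")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append(f"executable attachment {name}")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

The domain comparisons are triage heuristics: legitimate mail sent through a third-party relay can also trip them, so a hit means "look closer", while the executable attachment is the stronger signal here.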