Wait...wait...wait. You block .xls and .doc files, but you don't block .zip files?!?

-----Original Message-----
From: Stephen Grant [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 27, 2004 10:13 AM
To: Exchange Discussions
Subject: RE: RE : New variant of W32/Dumaru.y

Sybari's Antigen is deleting the .EXE file within the zip and leaving the zip format intact. Which is good news because I use zip to get files through to associates that I know would be stopped by the filter. (.xls, .doc.)

Stephen Grant
IT/IM Officer
Federal Superannuates National Association

> -----Original Message-----
> From: Hague, Jeff [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, January 27, 2004 1:07 PM
> To: Exchange Discussions
> Subject: RE: RE : New variant of W32/Dumaru.y
>
> I started quarantining zips at our firewall yesterday evening at about 5pm EST and it has been steady at 5 - 7 per minute since. I have always blocked exe, bat, cmd, vbs, etc but I let zips through and everyone has gotten used to that - I guess we'll have to change that now...
>
> Jeff Hague
> MCSE
> Network Manager
> Randolph-Macon College
> Ashland, VA
>
> -----Original Message-----
> From: Bourque Daniel [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, January 27, 2004 12:24 PM
> To: Exchange Discussions
> Subject: RE : New variant of W32/Dumaru.y
>
> Well, I hope everybody has a lot of fun!!! We have received 3000 of those little critters since yesterday night.
>
> How can anybody let PIF/EXE/CMD/any executable file inside their network, even if it's in a zip file???
>
> -----Original Message-----
> From: Scott Weston [mailto:[EMAIL PROTECTED]
> Sent: January 26, 2004 20:48
> To: Exchange Discussions
> Subject: RE: New variant of W32/Dumaru.y
>
> MessageLabs, the leading provider of managed email security services to businesses worldwide, has intercepted a high number of copies of a new worm known as W32/Mydoom.A-mm.
>
> Name: W32/Mydoom.A-mm
> Number of copies intercepted so far: 165,598
> Time & Date first captured: 13.03pm GMT, 26th Jan 04
> Origin of first intercepted copy: Russia
>
> W32/Mydoom.A-mm is a mass-mailing worm that attempts to spread via email and by copying itself to any available shared directories used by Kazaa.
>
> The worm harvests addresses from infected machines and targets files with the following extensions: .wab, .adb, .tbb, .dbx, .asp, .php, .sht, .htm, .txt.
>
> On January 23, 2004, MessageLabs, the leading provider of managed email security services to businesses worldwide, intercepted a large number of copies of another variant of the Dumaru email worm - W32/Dumaru.Y.
>
> General
> The initial copy of this new variant originated from the United States. To date, the majority of infected emails that MessageLabs has intercepted were sent from the United Kingdom - 42% of the total number of emails seen.
>
> Name: W32/Dumaru.Y-mm
> Aliases: W32/Dumaru.Z-mm
> Number of copies intercepted so far: 5,027
> Time & Date first Captured: 23rd Jan 2004, 20.56 GMT
> Origin of first intercepted copy: United States
>
> The worm arrives as an attachment to an email called myphoto.zip (17Kb). The sender's email address may be forged, and therefore does not indicate the true identity of the sender.
>
> -----Original Message-----
> From: Steve [mailto:[EMAIL PROTECTED]
> Sent: Monday, January 26, 2004 4:15 PM
> To: Exchange Discussions
> Subject: New variant of W32/Dumaru.y
>
> We got a new variant of this that neither McAfee nor Trend is stopping (extra.dat is on the way). It is zipped and the subject and attachment name changes. Here is a link to NAI's description:
>
> http://vil.nai.com/vil/content/v_100980.htm
>
> Still nothing from Trend. This thing spreads like fire.
>
> _________________________________________________________________
> List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
> To unsubscribe: mailto:[EMAIL PROTECTED]
> Exchange List admin: [EMAIL PROTECTED]
> To unsubscribe via postal mail, please contact us at:
> Jupitermedia Corp.
> Attn: Discussion List Management
> 475 Park Avenue South
> New York, NY 10016
>
> Please include the email address which you have been contacted with.
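
Added example, not part of the original thread and not how Antigen or any other product named above is implemented: a gateway-side check that lists the members of a zip attachment whose extension is on the block list, so they can be stripped or quarantined while the rest of the archive passes. The block list uses extensions named in the thread; the function names, depth and size limits, and sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

# Extensions the posters say they block at the gateway (exe, bat, cmd, vbs, pif).
BLOCKED = {".exe", ".bat", ".cmd", ".vbs", ".pif"}
MAX_DEPTH = 3                         # assumption: nested-archive limit
MAX_MEMBER_BYTES = 10 * 1024 * 1024   # assumption: cap on a nested zip read into memory


def blocked_members(data, depth=0, prefix=""):
    """Return (path, reason) pairs for members to strip or quarantine."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(prefix or "<attachment>", "unreadable archive")]
    findings = []
    with archive:
        for info in archive.infolist():
            path = prefix + info.filename
            # Windows ignores trailing dots and spaces, so "a.exe." still runs as .exe.
            name = info.filename.lower().rstrip(". ")
            ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
            if ext in BLOCKED:            # last extension wins: photo.jpg.exe -> .exe
                findings.append((path, "blocked extension " + ext))
            elif info.flag_bits & 0x1:    # names are visible, content is not
                findings.append((path, "encrypted member, cannot inspect"))
            elif ext == ".zip":
                if depth + 1 >= MAX_DEPTH or info.file_size > MAX_MEMBER_BYTES:
                    findings.append((path, "nested archive too deep or too large"))
                else:
                    inner = archive.read(info)
                    findings.extend(blocked_members(inner, depth + 1, path + "!"))
    return findings


def make_zip(members):
    """Build an in-memory zip from {name: bytes}; used only for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in members.items():
            z.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: one office file, one double-extension executable, one nested zip.
    sample = make_zip({"budget.xls": b"x", "photo.jpg.exe": b"MZ",
                       "inner.zip": make_zip({"run.PIF": b"z"})})
    for path, reason in blocked_members(sample):
        print(path, "->", reason)
```

An archive containing only .xls and .doc members returns no findings, so whether such files should pass inside a zip remains a separate policy decision.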
