gotta love it, linux says "save to disk"? bwahahaha, all ou m$ weenies, vulnerable again.
MacGregor, Ian A. wrote: >It's a new one not KLEZ ... >-----BEGIN PGP SIGNED MESSAGE----- > >A number of people have received email from contacts at other sites >with the subject line "Your Password!" > >This is a new email-based worm that hit many European High Energy >Physics sites earlier today and is now affecting sites in the US. >The anti-virus companies have updates available soon, but in the >meantime the SLAC email gateway has stripped on the order of 600 >infected email attachments destined to SLAC users. At this time, we >have no reports of infection within SLAC and we should remain safe >even from those who infect their own machines by reading email from >non-SLAC sources (home insititutions, Yahoo, Hotmail, etc.) and then >executing the "Decrypt-password.exe" file. > >Here is a quote from the CIAC "Heads-Up" on this latest worm ... > > There are reports this morning of DOE sites being hit > by the W32/Frethem.K@mm worm. The worm uses its own > SMTP engine to send itself to email addresses that it > finds in the Microsoft Windows Address Book and in .dbx, > .wab, .mbx, .eml, and .mdb files. The email message > arrives with the following characteristics: > > Subject: Re: Your Password! > Attachments: Decrypt-password.exe and Password.txt > Size of attachment: 48,640 bytes > > The affected systems are Windows 95, Windows 98, > Windows NT, Windows 2000, Windows XP, and Windows ME. > > The worm exploits the "Incorrect MIME Header Can Cause > IE to Execute E-mail Attachment" vulnerability (CIAC > Bulletin L-066) in Microsoft Internet Explorer > (version 5.01 or 5.5 without SP2). > > > >-----BEGIN PGP SIGNATURE----- >Version: PGP 7.0.4 > >iQCVAwUBPTMKjF1NwfDT0XdRAQGAMQP/YXjQ8xz4XnRk02OYyrGKzDSQEaIOBm/Y >H19u0QJ9t68UH8bpOf3uGtZFNV4koieizW2d39/Eiyl/HKzuPa7tkjR+QE/CFvjX >RMg2XkYwbL1fuNyVDqjbPP400G/rYPAHnOjWEtUtXjPKrZnKT+IbPJUTQHjPGkJR >jEa9o/Sejws= >=vrs9 >-----END PGP SIGNATURE----- > >-----Original Message----- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] >Sent: Monday, July 15, 2002 9:08 AM >To: Multiple recipients of list ORACLE-L > > >Bunyamin, > > Did you pick up a copy of worm_klez somewhere? > >Dick Goulet > >____________________Reply Separator____________________ >Author: [EMAIL PROTECTED] >Date: 7/15/2002 6:53 AM > ><HTML><HEAD></HEAD><BODY> ><FONT COLOR˙F0000> ><b>ATTENTION!</b><br><br> >You can access<br> ><b>very important</b><br> >information by<br> >this password<br><br> ><b>DO NOT SAVE</b><br> >password to disk<br> >use your mind<br><br> >now press<br> ><b>cancel</b><br><br> >(Bunyamin Karadeniz)</font></BODY></HTML> ><iframe src=cid:W8dqwq8q918213 height=0 width=0></iframe> > > >-- >Please see the official ORACLE-L FAQ: http://www.orafaq.com >-- >Author: > INET: [EMAIL PROTECTED] > >Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 >San Diego, California -- Public Internet access / Mailing Lists >-------------------------------------------------------------------- >To REMOVE yourself from this mailing list, send an E-Mail message >to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in >the message BODY, include a line containing: UNSUB ORACLE-L >(or the name of mailing list you want to be removed from). You may >also send the HELP command for other information (like subscribing). > > -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Joe Testa INET: [EMAIL PROTECTED] Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).