Re: virus warning

["Alexis" <alexis@attla.net.ar>]

In this case, we are protected !!!!!

We are all using a firewall with netfilter and input policy drop

:))))



----- Original Message ----- 
From: "Fritz Mesedilla" <fritz.mesedilla@overturemedia.com>
To: "Netfilter Mailing List (E-mail)" <netfilter@lists.netfilter.org>
Sent: Tuesday, January 27, 2004 4:30 AM
Subject: RE: virus warning



I forgot to send the details.


W32.Novarg.A@mm is a mass-mailing worm. The worm will arrive as an
attachment with a file extension of .bat, .cmd, .exe, .pif, .scr, or .zip.

When the machine gets infected, the worm will set up a backdoor into the
system by opening TCP ports 3127 thru 3198. This will potentially allow a
hacker to connect to the machine and utilize it as a proxy to gain access to
it's network resources. In addition, the backdoor has the ability to
download and execute arbitrary files.

The worm will perform a DoS starting on February 1, 2004. On February 12,
2004 the worm has a trigger date to stop spreading.


http://securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@mm.html



Cheers,

fritz <www.mesedilla.com>
---
+ Basta Ikaw Lord




-----Original Message-----
From:
Sent: Tuesday, January 27, 2004 2:45 PM
To: Netfilter Mailing List (E-mail)
Subject: Re: virus warning



Obviously this is a really new one ... F-prot didn't catch it .. and mines
up to date ...
However ... since kmail and linux don't much like 7 bit mime ... *grin*

I'm handing this one up to the folks at F-Prot to see why they didn't catch
it...


Alistair.

On January 27, 2004 12:44 am, Fritz Mesedilla wrote:
> friends,
>
> we got a virus in our list.
> clamav warned me about it.
> it's now spreading like fire even on other lists.
>
> thought you might like to be warned.
>
>
> Cheers,
>
> fritz <www.mesedilla.com>
> ---
> + Basta Ikaw Lord
>
>
>
>
> ----------------------------------------------------------------------
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the sender immediately by e-mail and delete this e-mail from your
> system. Please note that any views or opinions presented in this
> email are solely those of the author and do not necessarily represent
> those of the company. Finally, the recipient should check this email
> and any attachments for the presence of viruses. The company accepts
> no liability for any damage caused by any virus transmitted by this
> email.
>
> Overture Media, Inc.
> Direct Line: (632) 635-4785
> Trunkline:   (632) 631-8971 Local 146
> Fax: (632) 637-2206
> Level 1 Summit Media Offices, Robinsons Galleria EDSA Cor. Ortigas Ave.,
> Quezon City 1100


----------------------------------------------------------------------
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the sender immediately by e-mail and delete this e-mail from your
system. Please note that any views or opinions presented in this
email are solely those of the author and do not necessarily represent
those of the company. Finally, the recipient should check this email
and any attachments for the presence of viruses. The company accepts
no liability for any damage caused by any virus transmitted by this
email.

Overture Media, Inc.
Direct Line: (632) 635-4785
Trunkline:   (632) 631-8971 Local 146
Fax: (632) 637-2206
Level 1 Summit Media Offices, Robinsons Galleria EDSA Cor. Ortigas Ave.,
Quezon City 1100