Re: [ga] Re: VIRUS ADVISORY - W32/Netsky.s@MM - Ken Stubbs duped?
Don and all former DNSO GA members or other interested stakeholders/users,
Don Brown wrote:
> Yes. It forges the return address. What don't you understand, other
> than Stubbs was NOT responsible?
I do understand that it is ONE possibility, not necessarily the cause...
Why didn't Ken understand as a fellow stakeholder/user that he could
have prevented this sort of thing occurring IF indeed this virus was
the actual cause or he was a victim of it...
>
>
> Let's get on with something of value . . . .
We are. And we should. If this was not of value, given it's source
than what is? Ignorance is no excuse for becoming a victim, IF Ken
is indeed a victim in this instance... Given his many Email personas,
that remains a matter of some doubt...
>
>
> Thanks,
>
> Tuesday, April 6, 2004, 8:41:47 PM, Jeff Williams <jwkckid1@xxxxxxxxxxxxx>
> wrote:
> JW> Richard, Ken, and all former DNSO GA members or other interested
> JW> stakeholders/users,
>
> JW> perhaps Ken was duped? See below...
>
> JW> McAfee Security wrote:
>
> >> (((((((((((((((((((( McAfee Security )))))))))))))))))))))))
> >>
> >> [ This message is being sent to all all McAfee customers who
> >> registered their McAfee product and opted-in to receive virus
> >> alert information. If you wish to no longer receive email
> >> from McAfee, please unsubscribe at the bottom of this message. ]
> >>
> >> ------------------------------------------------------------
> >> ** VIRUS ADVISORY - W32/Netsky.s@MM **
> >> ------------------------------------------------------------
> >>
> >> Dear Jeff,
> >>
> >> Another variant of the W32/Netsky.MM virus, W32/Netsky.s@MM
> >> is a Medium Risk mass-mailing worm that arrives inside a
> >> .PIF attachment. When run, the worm tries to open a backdoor
> >> on TCP Port 6789, which can help a remote hacker download
> >> and execute potentially malicious programs on the infected
> >> system. W32/Netsky.s@MM will also launch a Denial of Service
> >> attack on various domains, including www.kazaa.com, starting
> >> in mid-April. The worm spreads itself by stealing email
> >> addresses from the infected computer, spoofing or forging
> >> the "from: field."
> >>
> >> ------------------------------------------------------------
> >> WHAT TO LOOK FOR:
> >>
> >> FROM: Varies (forged addresses taken from infected system).
> >>
> >> SUBJECT: Varies. Examples (check our site for the complete
> >> list):
> >> - Hello!
> >> - Hi!
> >> - Re: Important
> >>
> >> BODY: Varies. The message may be constructed using a pool of
> >> strings within the worm.
> >>
> >> ATTACHMENT: Varies, but has a .PIF extension. The filename
> >> is constructed from strings within the worm, with a
> >> random number appended to it. Examples:
> >> - account
> >> - postcard
> >> - sample
> >> - developement
> >> ------------------------------------------------------------
> >>
> >> Up-to-date McAfee VirusScan users with dat 4348 are protected
> >> from this threat.
> >>
> >> Learn More about W32/Netsky.s@MM:
> >> ==> http://us.mcafee.com/root/campaign.asp?cid=9999
> >>
> >> Scan for W32/Netsky.s@MM:
> >> ==> http://us.mcafee.com/root/campaign.asp?cid=10000
> >>
> >> ____________________Virus Fixes_____________________
> >>
> >> McAfee VirusScan 8.0
> >> McAfee Internet Security Suite 6.0
> >> Stop viruses, trojans, worms, and more. Now includes
> >> email and attachment scanning.
> >>
> >> Update DAT file
> >> ==> http://us.mcafee.com/root/campaign.asp?cid=8245
> >>
> >> Upgrade Center
> >> Make sure you have the very latest Internet protection.
> >> ==> http://us.mcafee.com/root/campaign.asp?cid=8246
> >>
> >> Bundle Center
> >> Build your own security bundle here.
> >> ==> http://us.mcafee.com/root/campaign.asp?cid=9569
> >>
> >> Members Only! Exclusive deals for valued McAfee Security
> >> customers like yourself.
> >> ==> http://us.mcafee.com/root/campaign.asp?cid=9570
> >>
> >>
> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >>
> >>
> >> [ You are currently subscribed as: jwkckid1@xxxxxxxxxxxxx ]
> >>
> >> Please feel free to forward this email to any interested
> >> friends, family and associates.
> >>
> >> Subscribe: If you received this message from a friend and
> >> would like to subscribe to eSecurity News, virus alerts and
> >> special offers, go here.
> >> ==> http://dispatch.mcafee.com/us/sub.asp
> >>
> >> Unsubscribe: If you prefer not to receive future email from
> >> McAfee, please go here.
> >> ==> http://us.mcafee.com/root/campaign.asp?cid=9825
> >>
> >> Need further assistance? Visit McAfee Support.
> >> ==> http://us.mcafee.com/root/support.asp
> >>
> >> View our privacy policy.
> >> ==> http://us.mcafee.com/root/campaign.asp?cid=8207
> >>
> >> McAfee is a business unit of Network Associates, Inc.
> >> 3965 Freedom Circle, Santa Clara, CA 95054, (408) 992-8599
> >> © 2004, Networks Associates Technology, Inc. All Rights Reserved.
> >>
> >>
>
> JW> Regards,
>
> JW> --
> JW> Jeffrey A. Williams
> JW> Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
> JW> "Be precise in the use of words and expect precision from others" -
> JW> Pierre Abelard
>
> JW> "If the probability be called P; the injury, L; and the burden, B;
> JW> liability depends upon whether B is less than L multiplied by
> JW> P: i.e., whether B is less than PL."
> JW> United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947]
> JW> ===============================================================
> JW> Updated 1/26/04
> JW> CSO/DIR. Internet Network Eng. SR. Eng. Network data security
> JW> IDNS. div. of Information Network Eng. INEG. INC.
> JW> E-Mail jwkckid1@xxxxxxxxxxxxx
> JW> Registered Email addr with the USPS
> JW> Contact Number: 214-244-4827
>
> ----
> Don Brown - Dallas, Texas USA Internet Concepts, Inc.
> donbrown_l@xxxxxxxxxxxxxxxx http://www.inetconcepts.net
> PGP Key ID: 04C99A55 (972) 788-2364 Fax: (972) 788-5049
> Providing Internet Solutions Worldwide - An eDataWeb Affiliate
> ----
Regards,
--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
"Be precise in the use of words and expect precision from others" -
Pierre Abelard
"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security
IDNS. div. of Information Network Eng. INEG. INC.
E-Mail jwkckid1@xxxxxxxxxxxxx
Registered Email addr with the USPS
Contact Number: 214-244-4827