ICANN/GNSO GNSO Email List Archives

[ga]

<<< Chronological Index >>>    <<< Thread Index >>>

Re: [ga] Re: VIRUS ADVISORY - W32/Netsky.s@MM - Ken Stubbs duped?

  • To: owner-ga@xxxxxxxxxxxxxx, Jeff Williams <jwkckid1@xxxxxxxxxxxxx>
  • Subject: Re: [ga] Re: VIRUS ADVISORY - W32/Netsky.s@MM - Ken Stubbs duped?
  • From: Don Brown <donbrown_l@xxxxxxxxxxxxxxxx>
  • Date: Tue, 6 Apr 2004 19:21:48 -0500
  • Cc: General Assembly of the DNSO <ga@xxxxxxxxxxxxxx>, Richard Henderson <richardhenderson@xxxxxxxxxxxx>, Ken Stubbs <kstubbs@xxxxxxxxxxx>, "Ken Stubbs (3rd E-mail address)" <kstubbs@xxxxxxxxxxx>, "Ken Stubbs (Yahoo address)" <kstubbs@xxxxxxxxx>
  • In-reply-to: <40735C56.B1155305@ix.netcom.com>
  • Organization: Internet Concepts, Inc.
  • References: <200404061529.1baZ4gWF3NZFk70@mamo> <40735C56.B1155305@ix.netcom.com>
  • Reply-to: Don Brown <donbrown_l@xxxxxxxxxxxxxxxx>
  • Sender: owner-ga@xxxxxxxxxxxxxx
Yes.  It forges the return address.  What don't you understand, other
than Stubbs was NOT responsible?

Let's get on with something of value . . . .

Thanks,


Tuesday, April 6, 2004, 8:41:47 PM, Jeff Williams <jwkckid1@xxxxxxxxxxxxx> wrote:
JW> Richard, Ken, and all former DNSO GA members or other interested
JW> stakeholders/users,


JW>   perhaps Ken was duped?  See below...

JW> McAfee Security wrote:

>>    (((((((((((((((((((( McAfee Security )))))))))))))))))))))))
>>
>> [ This message is being sent to all all McAfee customers who
>> registered their McAfee product and opted-in to receive virus
>> alert information. If you wish to no longer receive email
>> from McAfee, please unsubscribe at the bottom of this message. ]
>>
>> ------------------------------------------------------------
>>             ** VIRUS ADVISORY - W32/Netsky.s@MM **
>> ------------------------------------------------------------
>>
>> Dear Jeff,
>>
>> Another variant of the W32/Netsky.MM virus, W32/Netsky.s@MM
>> is a Medium Risk mass-mailing worm that arrives inside a
>> .PIF attachment. When run, the worm tries to open a backdoor
>> on TCP Port 6789, which can help a remote hacker download
>> and execute potentially malicious programs on the infected
>> system. W32/Netsky.s@MM will also launch a Denial of Service
>> attack on various domains, including www.kazaa.com, starting
>> in mid-April. The worm spreads itself by stealing email
>> addresses from the infected computer, spoofing or forging
>> the "from: field."
>>
>> ------------------------------------------------------------
>> WHAT TO LOOK FOR:
>>
>> FROM: Varies (forged addresses taken from infected system).
>>
>> SUBJECT: Varies. Examples (check our site for the complete
>> list):
>> - Hello!
>> - Hi!
>> - Re: Important
>>
>> BODY: Varies. The message may be constructed using a pool of
>> strings within the worm.
>>
>> ATTACHMENT: Varies, but has a .PIF extension. The filename
>> is constructed from strings within the worm, with a
>> random number appended to it. Examples:
>> - account
>> - postcard
>> - sample
>> - developement
>> ------------------------------------------------------------
>>
>> Up-to-date McAfee VirusScan users with dat 4348 are protected
>> from this threat.
>>
>> Learn More about W32/Netsky.s@MM:
>> ==> http://us.mcafee.com/root/campaign.asp?cid=9999
>>
>> Scan for W32/Netsky.s@MM:
>> ==> http://us.mcafee.com/root/campaign.asp?cid=10000
>>
>> ____________________Virus Fixes_____________________
>>
>> McAfee VirusScan 8.0
>> McAfee Internet Security Suite 6.0
>> Stop viruses, trojans, worms, and more. Now includes
>> email and attachment scanning.
>>
>> Update DAT file
>> ==> http://us.mcafee.com/root/campaign.asp?cid=8245
>>
>> Upgrade Center
>> Make sure you have the very latest Internet protection.
>> ==> http://us.mcafee.com/root/campaign.asp?cid=8246
>>
>> Bundle Center
>> Build your own security bundle here.
>> ==> http://us.mcafee.com/root/campaign.asp?cid=9569
>>
>> Members Only! Exclusive deals for valued McAfee Security
>> customers like yourself.
>> ==> http://us.mcafee.com/root/campaign.asp?cid=9570
>>
>>
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>
>>
>> [ You are currently subscribed as: jwkckid1@xxxxxxxxxxxxx ]
>>
>> Please feel free to forward this email to any interested
>> friends, family and associates.
>>
>> Subscribe: If you received this message from a friend and
>> would like to subscribe to eSecurity News, virus alerts and
>> special offers, go here.
>> ==> http://dispatch.mcafee.com/us/sub.asp
>>
>> Unsubscribe: If you prefer not to receive future email from
>> McAfee, please go here.
>> ==> http://us.mcafee.com/root/campaign.asp?cid=9825
>>
>> Need further assistance? Visit McAfee Support.
>> ==> http://us.mcafee.com/root/support.asp
>>
>> View our privacy policy.
>> ==> http://us.mcafee.com/root/campaign.asp?cid=8207
>>
>> McAfee is a business unit of Network Associates, Inc.
>> 3965 Freedom Circle, Santa Clara, CA 95054, (408) 992-8599
>> © 2004, Networks Associates Technology, Inc. All Rights Reserved.
>>
>>

JW> Regards,

JW> --
JW> Jeffrey A. Williams
JW> Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
JW> "Be precise in the use of words and expect precision from others" -
JW>     Pierre Abelard

JW> "If the probability be called P; the injury, L; and the burden, B;
JW> liability depends upon whether B is less than L multiplied by
JW> P: i.e., whether B is less than PL."
JW> United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
JW> ===============================================================
JW> Updated 1/26/04
JW> CSO/DIR. Internet Network Eng. SR. Eng. Network data security
JW> IDNS. div. of Information Network Eng.  INEG. INC.
JW> E-Mail jwkckid1@xxxxxxxxxxxxx
JW>  Registered Email addr with the USPS
JW> Contact Number: 214-244-4827





----
Don Brown - Dallas, Texas USA     Internet Concepts, Inc.
donbrown_l@xxxxxxxxxxxxxxxx         http://www.inetconcepts.net
PGP Key ID: 04C99A55              (972) 788-2364  Fax: (972) 788-5049
Providing Internet Solutions Worldwide - An eDataWeb Affiliate
----
<<< Chronological Index >>>    <<< Thread Index >>>