Re: [Exim] [Heads up] W32/Yaha.E p

Author: Douglas Gray Stephens
Date:  
To: Juha Saarinen
CC: exim-users
Subject: Re: [Exim] [Heads up] W32/Yaha.E p
Juha,

At 10:55 (GMT+1200) on 3-July-2002, Juha Saarinen wrote:
> I found the following in my inbox, seemingly from MAILER-DAEMON@ my
> domain:


Yes, this is a confirmed virus -- see
http://www.sophos.com/virusinfo/analyses/w32yahae.html
or
http://vil.mcafee.com/dispVirus.asp?virus_k=99528


Douglas.

>
>
>
> <HTML><HEAD></HEAD><BODY>
> <FONT></FONT>
> This message was created automatically by mail delivery software
> (Exim).<BR><BR>A message that you sent could
> not be delivered to one or more of its recipients.<BR>This is a permanent
> error. The following address(es)
> failed:someaddress@fqdn<BR><BR>For further assistance, please contact <
> postmaster@yourdomain ><BR>If you
> do so, please include this problem report. You can<BR>delete your own text
> from the message returned
> below.<BR><BR>Copy of your message, including all the headers is
> attached<BR></BODY></HTML>
>
>     [ Part 2, Message/RFC822  346bytes. ]
>     [ Not Shown. Use the "V" command to view or save this part. ]
>
>
> <HTML><HEAD></HEAD><BODY>
> <iframe src=cid:wssv height=0 width=0>
> </iframe>
> <FONT></FONT>
>
> </BODY></HTML>
>
>
> (formatting munged a bit by linewrapping)
>
> Now, that's not how Exim sends out DSNs, in HTML. Turns out that it's the
> work of a new virus, W32/Yaha.E or W32/Lentin.F@mm as it's also known.
> (Thanks to Nick FitzG at Virus-L for identifying the critter.)
>
> The virus tries to take advantage of unpatched IE/OE installations, with
> the IFRAME code that executes when you view the message.
>
> Thought it might be a good idea to warn the list about these fake DSNs.
>
> --
> Juha Saarinen
>
>


--

================================
Douglas GRAY STEPHENS
Technical Architect (Directories)
Schlumberger Cambridge Research
High Cross,
Madingley Road,
Cambridge.
CB3 0EL
ENGLAND

Phone  +44 1223 325295
Mobile +44 773 0051628
Fax    +44 1223 311830
Email DGrayStephens@???
================================
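
Added example, not part of the original messages or of Exim: a mail-filter style check for the two traits described in the thread, bounce wording delivered as HTML and an iframe that loads a cid: attachment at zero size. The function name and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string

IFRAME_TAG = re.compile(r"<iframe\b[^>]*>", re.I)
CID_SRC = re.compile(r"\bsrc\s*=\s*[\"']?cid:", re.I)
ZERO_DIM = re.compile(r"\b(?:height|width)\s*=\s*[\"']?0(?![\d.%])", re.I)
BOUNCE_TEXT = "created automatically by mail delivery software"

def fake_dsn_indicators(raw):
    """Return the reasons a raw message looks like a forged HTML bounce."""
    html = []
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            html.append(body.decode("latin-1"))
    # Collapse whitespace so line-wrapped wording and tags still match.
    text = " ".join("\n".join(html).lower().split())
    reasons = []
    if BOUNCE_TEXT in text:
        reasons.append("bounce wording inside a text/html part")
    for tag in IFRAME_TAG.findall(text):
        if CID_SRC.search(tag):
            reasons.append("iframe loads a cid: attachment")
            if ZERO_DIM.search(tag):
                reasons.append("that iframe is zero-sized (hidden)")
    return reasons

# Constructed samples: FAKE is modelled on the message quoted in the thread,
# PLAIN is a plain-text bounce that must not be flagged.
FAKE = (
    "From: MAILER-DAEMON@example.org\nMIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n\n'
    "--b1\nContent-Type: text/html\n\n"
    "<HTML><BODY>This message was created automatically by mail delivery\n"
    "software (Exim).<BR></BODY></HTML>\n"
    "--b1\nContent-Type: text/html\n\n"
    "<HTML><BODY><iframe src=cid:wssv height=0 width=0></iframe></BODY></HTML>\n"
    "--b1--\n"
)
PLAIN = (
    "From: MAILER-DAEMON@example.org\nContent-Type: text/plain\n\n"
    "This message was created automatically by mail delivery software.\n"
)
```
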