We are just dropping everything from adminat_private This message seems to always use admin as the "From:" field and just append our company name to it. We will probably also use another piece of equipment to do a subject line drop also. http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100523 JayW >>> "Schmehl, Paul L" <paulsat_private> 08/01/03 01:16PM >>> <http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.a@mm .html> We're blocking message.zip at the gateway. Paul Schmehl (paulsat_private) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/ > -----Original Message----- > From: Danny [mailto:drh26at_private] > Sent: Friday, August 01, 2003 12:56 PM > To: incidentsat_private > Subject: WORM_MIMAIL.A Anyone have any info on what this does yet? > > > We are getting flooded with these little puppies, does anyone > have any > additional info on what this thing does once it infects a > host? I'll be infecting a box to test myself after i send > this email but if > anyone has done testing already it would great to hear your input. --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Fri Aug 01 2003 - 14:16:58 PDT