Symantec users should be setting their auto update to check for new definitions EVERY DAY, and not the default setting of every Friday. I've gone a step further and have an AT scheduled job pulling down the enterprise update every hour and applying it to our primary SAV server. Trend is set up similarly for our email protection.

-John Gercken
Security guy

-----Original Message-----
From: Neatherly, William [mailto:William.Neatherlyat_private]
Sent: Friday, August 01, 2003 3:29 PM
To: 'Michael.Washingtonat_private'; Danny
Cc: incidentsat_private
Subject: RE: WORM_MIMAIL.A Anyone have any info on what this does yet?

Trend has released an update, also reportedly a cleaner as well.

-Bill

-----Original Message-----
From: Michael.Washingtonat_private [mailto:Michael.Washingtonat_private]
Sent: Friday, August 01, 2003 2:25 PM
To: Danny
Cc: incidentsat_private
Subject: Re: WORM_MIMAIL.A Anyone have any info on what this does yet?

McAfee here identified it as EXPLOIT-CODEBASE, but this is listed as known in their dictionary since 2002. May be a misidentification on engine's part. No cleaner was yet available. Checking with McAfee Avert and WebImmune.

Danny <drh26at_private>
To: incidentsat_private
cc:
Subject: WORM_MIMAIL.A Anyone have any info on what this does yet?
08/01/2003 12:56 PM

We are getting flooded with these little puppies, does anyone have any additional info on what this thing does once it infects a host? I'll be infecting a box to test myself after I send this email but if anyone has done testing already it would be great to hear your input.

Norton have released a Def for this and identify the virus as WORM_MIMAIL.A (http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.aat_private)

If anyone would like a copy of the original code you can get it at http://akasha.irt.drexel.edu/message.zip

Danny

Work - http://www.eBoundary.com - Secure, FreeBSD hosting.
Play - http://www.eBoundary.net - Who really sets your electronic boundaries?
AIM: eBoundaryTch | ICQ: 3090141
This archive was generated by hypermail 2b30 : Mon Aug 04 2003 - 08:25:09 PDT