Mime-Version: |
1.0 (Apple Message framework v619) |
Sender: |
|
Subject: |
|
From: |
|
Date: |
Fri, 13 Aug 2004 13:18:45 -0500 |
Content-Type: |
multipart/mixed; boundary=Apple-Mail-1-297292267 |
Reply-To: |
|
Parts/Attachments: |
text/plain
(1086 bytes)
, text/enriched
(1978 bytes)
, image.tiff
(12 kB)
, image.tiff
(12 kB)
, text/plain
(12 kB)
, text/enriched
(12 kB)
, image.tiff
(12 kB)
, image.tiff
(12 kB)
, text/plain
(12 kB)
, text/enriched
(12 kB)
, image001.gif
(7 kB)
, image002.gif
(7 kB)
|
|
This is from OUHSC; I'm sure not everyone on omrf-isg is on their
mailing list...
Begin forwarded message:
From: "IT Security \(HSC\)" <[log in to unmask]>
Date: August 9, 2004 2:18:39 PM CDT
To: "HSC-OUHSC" <[log in to unmask]>
Subject: *** VIRUS ALERT *** - OFFICIAL COMMUNICATION FROM INFORMATION
SECURITY SERVICES
Received: from LIPIZZAN.hsc.net.ou.edu ([157.142.13.170]) by
MRED.hsc.net.ou.edu with Microsoft SMTPSVC(6.0.3790.0); Mon, 9 Aug 2004
14:20:11 -0500
Mime-Version: 1.0
Content-Class: urn:content-classes:message
Content-Type: multipart/signed; micalg=SHA1;
boundary="----=_NextPart_000_0008_01C47E1B.C3DB6A50";
protocol="application/x-pkcs7-signature"
Return-Path: <[log in to unmask]>
X-Mimeole: Produced By Microsoft Exchange V6.5.7226.0
X-Originalarrivaltime: 09 Aug 2004 19:20:11.0020 (UTC)
FILETIME=[E3A374C0:01C47E45]
Message-Id:
<[log in to unmask]>
X-Ms-Has-Attach: yes
X-Ms-Tnef-Correlator:
Thread-Topic: *** VIRUS ALERT *** - OFFICIAL COMMUNICATION FROM
INFORMATION SECURITY SERVICES
Thread-Index: AcQIUaZH+Clj2LMoSZOhLEc7NSgG5h18dUYQ
ATTENTION ALL OUHSC Faculty, Staff, and Students
We have received reports that a new virus (W32/Bagle.aq@MM) is
sending email with an infectious .ZIP attachment.
Steps you should follow:
Step #1
DO NOT open the attachment associated with this email.
Step #2
Delete the email.
If you opened the attachment contact your departmental technical
support or Tier 1 immediately.
VIRUS CHARACTERISTICS SHOWN BELOW:
From : (address is spoofed)
Subject : (blank)
Body Text:
• new price
There is indication in the file that it may also try to
password-protect some ZIP files, in which case it will add one of the
following to the message body:
• The password is
• Password:
The password will then be contained in an embedded image file.
Attachment: (may be one of the following)
• price.zip
• price2.zip
• price_new.zip
• price_08.zip
• 08_price.zip
• newprice.zip
• new_price.zip
• new__price.zip
The ZIP file contains PRICE.EXE and PRICE.HTML, as described above.
For more information see: http://vil.nai.com/vil/content/v_127423.htm
Information Security Services
University of Oklahoma
Health Science Center
http://www.ouhsc.edu/it/security/
|
|
|