OMRF-ISG Archives

OMRF's Information Support Group

omrf-isg@SPEEDY.OUHSC.EDU
Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Fwd: *** VIRUS ALERT *** - OFFICIAL COMMUNICATION FROM INFORMATION SECURITY SERVICES
From:
Todd Walker <[log in to unmask]>
Reply To:
OMRF's Information Support Group <[log in to unmask]>
Date:
Fri, 13 Aug 2004 13:18:45 -0500
Content-Type:
multipart/mixed
Parts/Attachments:
text/plain (1086 bytes) , text/enriched (1978 bytes) , image.tiff (12 kB) , image.tiff (12 kB) , text/plain (12 kB) , text/enriched (12 kB) , image.tiff (12 kB) , image.tiff (12 kB) , text/plain (12 kB) , text/enriched (12 kB) , image001.gif (7 kB) , image002.gif (7 kB) 
This is from OUHSC; I'm sure not everyone on omrf-isg is on their
mailing list...

Begin forwarded message:

From: "IT Security \(HSC\)" <[log in to unmask]>
Date: August 9, 2004 2:18:39 PM CDT
To: "HSC-OUHSC" <[log in to unmask]>
Subject: *** VIRUS ALERT *** - OFFICIAL COMMUNICATION FROM INFORMATION
SECURITY SERVICES
Received: from LIPIZZAN.hsc.net.ou.edu ([157.142.13.170]) by
MRED.hsc.net.ou.edu with Microsoft SMTPSVC(6.0.3790.0); Mon, 9 Aug 2004
14:20:11 -0500
Mime-Version: 1.0
Content-Class: urn:content-classes:message
Content-Type: multipart/signed; micalg=SHA1;
boundary="----=_NextPart_000_0008_01C47E1B.C3DB6A50";
protocol="application/x-pkcs7-signature"
Return-Path: <[log in to unmask]>
X-Mimeole: Produced By Microsoft Exchange V6.5.7226.0
X-Originalarrivaltime: 09 Aug 2004 19:20:11.0020 (UTC)
FILETIME=[E3A374C0:01C47E45]
Message-Id:
<[log in to unmask]>
X-Ms-Has-Attach: yes
X-Ms-Tnef-Correlator:
Thread-Topic: *** VIRUS ALERT *** - OFFICIAL COMMUNICATION FROM
INFORMATION SECURITY SERVICES
Thread-Index: AcQIUaZH+Clj2LMoSZOhLEc7NSgG5h18dUYQ





 

ATTENTION ALL OUHSC Faculty, Staff, and Students

 

We have received reports that a new virus  (W32/Bagle.aq@MM)  is 
sending email with an infectious .ZIP attachment.

 

Steps you should follow:

Step #1
DO NOT open the attachment associated with this email.

Step #2
Delete the email.

If you opened the attachment contact your departmental technical 
support or Tier 1 immediately. 

 VIRUS CHARACTERISTICS  SHOWN BELOW:





 


 From : (address is spoofed)
Subject : (blank)

Body Text:
        •     new price

  There is indication in the file that it may also try to 
password-protect some ZIP files, in which case it will add one of the 
following to the message body:
        •     The password is
        •      Password:

  The password will then be contained in an embedded image file.

Attachment: (may be one of the following)
        •     price.zip
        •      price2.zip
        •      price_new.zip
        •      price_08.zip
        •      08_price.zip
        •      newprice.zip
        •      new_price.zip
        •      new__price.zip

  The ZIP file contains PRICE.EXE and PRICE.HTML, as described above.

For more information see: http://vil.nai.com/vil/content/v_127423.htm

Information Security Services
University of Oklahoma
Health Science Center
http://www.ouhsc.edu/it/security/

ATOM RSS1 RSS2