[rtpnet-list] new mass mailing worm outbreak
Judy Hallman
hallman at email.unc.edu
Thu Feb 17 08:17:36 EST 2005
To RTPnet members and friends:
Below is part of a message from UNC campus support about a new worm.
As always, do not to open any email attachments that you are not
expecting. RTPnet does not send out emails with files attached, and we
do not distribute security software updates and utilities via email
attachments.
As an example, I received a message this morning with the subject
"Delivery reports about your e-mail" that claimed to be from
Bounced mail <postmaster at rtpnet.org>
It had an attachment named attachment.zip, which I did not open.
Judy Hallman (hallman at rtpnet.org, http://www.rtpnet.org/hallman)
Executive Director, RTPnet, NC (http://www.RTPnet.org/)
-------- Original Message --------
Subject: [support] MAJOR: Campus mass mailing worm outbreak
Date: Wed, 16 Feb 2005 19:17:55 -0500
We started getting
reports from users late this afternoon that they were receiving
messages with an attachment and with one of the following as a
subject:
-----------------------------------------------------------------
hello
hi
error
status test report
delivery failed
Message could not be delivered
Mail System Error - Returned Mail
Delivery reports about your e-mail
Returned mail: see transcript for details
Returned mail: Data format error
-------------------------------------------------------------------
purporting to be from "Post Office" or "postmaster". The
From: address is forged.
The Sophos name of this worm is W32/MyDoom-O and you can read more
about it here:
http://sophos.com/virusinfo/analyses/w32mydoomo.html
More information about the rtpnet-list
mailing list