ICANN/DNSO
DNSO Mailling lists archives

[ga]


<<< Chronological Index >>>    <<< Thread Index >>>

RE: [ga] Reliability of the Internet - the silent battle - part 2


I am sorry if it caused you concern. The DAT file, while not normally
executable, shouldn't have been there. I thought my methods had removed it.
My filters had already renamed it to the DAT type, which is a non-executable
type under windows, and I manually deleted the attachment from the message.
Apparently, that was unsuccessful. If Norton detected it then either NAV is
using external message data or I indeed failed to remove the attachment.

In the latter case, I apologize. I went back to my Sent Files folder to
check and it appears to not have the attachment, under binary scan of the
message, even though the message header thinks it still has the file. But,
playing around with virii isn't safe by any stretch and that's the main
reason I don't do it. Because it was a DAT file, it should still be dead.
But, I won't repeat that move anytime soon. Again, I apologize for the
inconvenience.

Now, if I can get that system in China to quit sending me free copies of
SirCam ....

|> -----Original Message-----
|> From: Peter de Blanc [mailto:pdeblanc@usvi.net]
|> Sent: Wednesday, November 07, 2001 2:20 AM
|> To: 'Roeland Meyer'; 'GA DNSO (E-mail)'
|> Subject: RE: [ga] Reliability of the Internet - the silent 
|> battle - part
|> 2
|> 
|> 
|> Roeland:
|> 
|> The file you attached, ATT00010.DAT,  262 K bytes, was identified as
|> "32.Sircam.Worm@mm"  and "quarantined" by my Norton 
|> Anti-Virus corporate
|> edition version 7.51.847.
|> 
|> Peter de Blanc
|> 
|> -----Original Message-----
|> From: owner-ga@dnso.org [mailto:owner-ga@dnso.org] On Behalf 
|> Of Roeland
|> Meyer
|> Sent: Tuesday, November 06, 2001 10:27 PM
|> To: GA DNSO (E-mail)
|> Subject: RE: [ga] Reliability of the Internet - the silent 
|> battle - part
|> 2
|> 
|> 
|> Hold on guys! The shell was there but the virus wasn't. It 
|> was a message
|> that showed an attachment, without the attachment.
|> 
|> |> -----Original Message-----
|> |> From: Roeland Meyer [mailto:rmeyer@mhsc.com]
|> |> Sent: Tuesday, November 06, 2001 1:32 PM
|> |> To: GA DNSO (E-mail)
|> |> Subject: [ga] Reliability of the Internet - the silent
|> |> battle - part 2
|> |> 
|> |> 
|> |> This is an example of something that didn't survive my
|> |> filters. I looked at
|> |> the attachement, it wasn't spam. Rather, it was an attached virus.
|> |> 
|> |> I have included the traceroute for validation. It
|> |> purportedly came from
|> |> china. The point is that, file attachments are becoming a 
|> |> less reliable
|> |> means to distribute documents.
|> |> 
|> |> --- techies-only below here ---
|> |> 
|> |> pheonix:/root
|> |> Tue Nov  6 13:07:51 [bash:root:59]#> traceroute 211.101.48.83 
|> |> traceroute to 211.101.48.83 (211.101.48.83), 30 hops max, 40 byte 
|> |> packets  1  spkez.gw.mhsc.net (216.27.184.225)  5 ms  3 ms  2 ms
|> |>  2  gw-081-176.sfo1.dsl.speakeasy.net (216.27.176.1)  27 ms  
|> |> 21 ms  33 ms
|> |>  3  border3.fe5-3.speakeasy-9.sff.pnap.net (216.52.86.28)  
|> |> 19 ms  21 ms  19
|> |> ms
|> |>  4  core1.fe0-1-bbnet2.sff.pnap.net (216.52.80.65)  20 ms  
|> |> 21 ms  20 ms
|> |>  5  sl-gw12-sj-1-1.sprintlink.net (144.232.217.17)  22 ms  
|> |> 20 ms  21 ms
|> |>  6  sl-gw12-sj-9-0.sprintlink.net (144.232.3.145)  25 ms  22 
|> |> ms  32 ms
|> |>  7  sl-bb20-tac-11-1.sprintlink.net (144.232.9.214)  56 ms  
|> |> 39 ms  41 ms
|> |>  8  sl-gw4-tac-0-0.sprintlink.net (144.232.17.6)  38 ms  
|> 41 ms  40 ms
|> |>  9  * sle-chinatelecom-3-0.sprintlink.net (160.81.25.6)  443 ms *
|> |> 10  p-13-0-r1-c-bjbj-1.cn.net (202.97.33.9)  502 ms  303 
|> ms  200 ms
|> |> 11  p-2-0-r1-a-bjbj-2.cn.net (202.97.38.50)  188 ms  201 
|> ms  219 ms
|> |> 12  202.96.12.50 (202.96.12.50)  287 ms  324 ms  271 ms
|> |> 13  202.106.193.206 (202.106.193.206)  199 ms  195 ms  196 ms
|> |> 14  202.108.254.75 (202.108.254.75)  199 ms  197 ms  196 ms
|> |> 15  211.101.63.2 (211.101.63.2)  500 ms  505 ms  514 ms
|> |> 16  211.101.63.9 (211.101.63.9)  229 ms  230 ms  231 ms
|> |> 17  211.101.48.83 (211.101.48.83)  530 ms  553 ms  565 ms
|> |> 
|> |> |> -----Original Message-----
|> |> Received: from junhoo.com (211.101.48.83 [211.101.48.83]) by
|> |> condor.mhsc.com
|> |> with SMTP (Microsoft Exchange Internet Mail Service Version 
|> |> 5.5.2650.21)
|> |> 	id TTWMVQKL; Tue, 6 Nov 2001 13:04:47 -0800
|> |> Received: from CR380220-A.etob1.on.wave.home.com [24.101.18.46] by
|> |> junhoo.com
|> |>   (SMTPD32-7.04 EVAL) id AF54350042; Wed, 07 Nov 2001 
|> 05:00:04 +0800
|> |> From: "0"<0
|> |> To: rmeyer@mhsc.com
|> |> Subject: Flight crews rely on passengers to stop trouble
|> |> date: Tue, 6 Nov 2001 16:12:47 -0500
|> |> MIME-Version: 1.0
|> |> X MIME OLE: Produced By Microsoft MimeOLE V5.50.4133.2400
|> |> X-Mailer: Microsoft Outlook Express 5.50.4133.2400
|> |> Co ntent Type: multi part/m ixed; boun
|> |> dary="----41C1485D_Outlook_Express_message_boundary"
|> |> Con tent Disposition: Multipart message
|> |> Message-Id: 
|> |> <200111070500554.SM00932@CR380220-A.etob1.on.wave.home.com>
|> |> 
|> |> ------41C1485D_Outlook_Express_message_boundary
|> |> Content Type: text/plain; charset=ISO-8859-1
|> |> Content Transfer-Encoding: quoted-printable
|> |> Content Disposition: message text
|> |> 
|> |> ------41C1485D_Outlook_Express_message_boundary
|> |> Content Type: application/mixed; na me="Flight crews rely on
|> |> passengers to
|> |> stop trouble.doc.com"
|> |> Content Transfer-Encoding: base64
|> |> Content Disposition: attachment;  file name="Flight crews 
|> |> rely on passengers
|> |> to stop trouble.doc.com"
|> |> 
|> |> ------41C1485D_Outlook_Express_message_boundary
|> |> |> From: 0 [mailto:0]
|> |> |> Sent: Tuesday, November 06, 2001 1:13 PM
|> |> |> To: rmeyer@mhsc.com
|> |> |> Subject: Flight crews rely on passengers to stop trouble
|> |> |> 
|> |> |> 
|> |> |> Hi! How are you?
|> |> |>  
|> |> |> This is the file with the information that you ask for
|> |> |>  
|> |> |> See you later. Thanks
|> |> |> 
|> |> 
|> |> 
|> --
|> This message was passed to you via the ga@dnso.org list.
|> Send mail to majordomo@dnso.org to unsubscribe
|> ("unsubscribe ga" in the body of the message).
|> Archives at http://www.dnso.org/archives.html
|> 
|> --
|> This message was passed to you via the ga@dnso.org list.
|> Send mail to majordomo@dnso.org to unsubscribe
|> ("unsubscribe ga" in the body of the message).
|> Archives at http://www.dnso.org/archives.html
|> 
--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html



<<< Chronological Index >>>    <<< Thread Index >>>