ALERT: Message from info-gnu-fortran was cleaned; File valign.bat infect

info-gnu-fortran

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ALERT: Message from info-gnu-fortran was cleaned; File valign.bat infect

From:	fire-smtp02 . fire . fordham . edu/FIRE%FIRE
Subject:	ALERT: Message from info-gnu-fortran was cleaned; File valign.bat infected with I-Worm.Klez.h (aka Win32/Klez.H.Worm, W32/address@hidden, W32/address@hidden, W32/Klez-H, Win32.Klez.H) virus,HTMLBODY has Exploit.IFrame.FileDownload (aka HTML.MimeExploit.Klez)
Date:	Sun, 3 Nov 2002 14:14:50 -0500

Please refer to the Antigen Quarantine Area for more details.

 INCIDENT
------------------------------------------------------------------------------------------------------------------------

 Scan Time:       11/03/2002 02:14:49 PM
 Detection:       File valign.bat infected with I-Worm.Klez.h (aka
Win32/Klez.H.Worm, W32/address@hidden, W32/address@hidden, W32/Klez-H, 
Win32.Klez.H)
virus,HTMLBODY has Exploit.IFrame.FileDownload (aka HTML.MimeExploit.Klez)
 Disposition:     Note has been cleaned
 Quarantined:     (Document link: Quarantine Area document)
CN=fire-smtp02.fire.fordham.edu/O=FIRE!!D:\Lotus\Domino\Data\A6QArea.NSF
 Version:         Antigen 6.0 SR3 (Build 607)


 MESSAGE
------------------------------------------------------------------------------------------------------------------------

 Message ID:      0069B9CF
 Sender:          info-gnu-fortran <address@hidden>
 Subject:         17  2001
 Recipients:      address@hidden
 Routing:


 SYNOPSIS
------------------------------------------------------------------------------------------------------------------------

HTML Message Body
      << Exploit.IFrame.FileDownload (aka HTML.MimeExploit.Klez) >>
      Status:       Removed
      << HTML Message Body >>
      Scanner:      CA(InoculateIT) 23.58.1 [23.58.11] OK
      Scanner:      NAI 4.1.60 [4.2.31] OK
      Scanner:      Norman 5.0.0 [5.0.0] OK
      Scanner:      Sophos 2.13.0 [3.62.0] OK
      Scanner:      Kaspersky 4.0.273 [0.0.59754] Exploit.IFrame.FileDownload
      Scanner:      CA(Vet) 10.54.1 [10.54.4208] HTML.MimeExploit.Klez

FILE ATTACHMENT 'g77_33.html'
      << Normal >>
      File size:    114409 bytes
      Host type:    STREAM
      Compression:  OFF
      Attributes:   PUBLIC READ-WRITE
      File flags:   2
      Created:      11/03/2002 02:14:48 PM
      Modified:     11/03/2002 02:14:48 PM
      Status:       OK

FILE ATTACHMENT 'valign.bat'
      << I-Worm.Klez.h (aka Win32/Klez.H.Worm, W32/address@hidden, 
W32/address@hidden, W32/Klez-H, Win32.Klez.H) >>
      File size:    88698 bytes
      Host type:    STREAM
      Content type:              Exe.Win32
      Compression:  OFF
      Attributes:   PUBLIC READ-WRITE
      File flags:   2
      Created:      11/03/2002 02:14:48 PM
      Modified:     11/03/2002 02:14:48 PM
      Status:       Displaced
      << valign.bat >>
      Scanner:      Kaspersky 4.0.273 [0.0.59754] I-Worm.Klez.h
      Scanner:      CA(InoculateIT) 23.58.1 [23.58.11] Win32/Klez.H.Worm
      Scanner:      NAI 4.1.60 [4.2.31] W32/address@hidden
      Scanner:      Norman 5.0.0 [5.0.0] W32/address@hidden
      Scanner:      Sophos 2.13.0 [3.62.0] W32/Klez-H
      Scanner:      CA(Vet) 10.54.1 [10.54.4208] Win32.Klez.H

[Prev in Thread]

Current Thread

[Next in Thread]

ALERT: Message from info-gnu-fortran was cleaned; File valign.bat infected with I-Worm.Klez.h (aka Win32/Klez.H.Worm, W32/address@hidden, W32/address@hidden, W32/Klez-H, Win32.Klez.H) virus,HTMLBODY has Exploit.IFrame.FileDownload (aka HTML.MimeExploit.Klez), fire-smtp02 . fire . fordham . edu/FIRE%FIRE <=

Next by Date: faucet
Next by thread: faucet
Index(es):
- Date
- Thread