[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
ALERT: Message from info-gnu-fortran was cleaned; File valign.bat infect
From: |
fire-smtp02 . fire . fordham . edu/FIRE%FIRE |
Subject: |
ALERT: Message from info-gnu-fortran was cleaned; File valign.bat infected with I-Worm.Klez.h (aka Win32/Klez.H.Worm, W32/address@hidden, W32/address@hidden, W32/Klez-H, Win32.Klez.H) virus,HTMLBODY has Exploit.IFrame.FileDownload (aka HTML.MimeExploit.Klez) |
Date: |
Sun, 3 Nov 2002 14:14:50 -0500 |
Please refer to the Antigen Quarantine Area for more details.
INCIDENT
------------------------------------------------------------------------------------------------------------------------
Scan Time: 11/03/2002 02:14:49 PM
Detection: File valign.bat infected with I-Worm.Klez.h (aka
Win32/Klez.H.Worm, W32/address@hidden, W32/address@hidden, W32/Klez-H,
Win32.Klez.H)
virus,HTMLBODY has Exploit.IFrame.FileDownload (aka HTML.MimeExploit.Klez)
Disposition: Note has been cleaned
Quarantined: (Document link: Quarantine Area document)
CN=fire-smtp02.fire.fordham.edu/O=FIRE!!D:\Lotus\Domino\Data\A6QArea.NSF
Version: Antigen 6.0 SR3 (Build 607)
MESSAGE
------------------------------------------------------------------------------------------------------------------------
Message ID: 0069B9CF
Sender: info-gnu-fortran <address@hidden>
Subject: 17 2001
Recipients: address@hidden
Routing:
SYNOPSIS
------------------------------------------------------------------------------------------------------------------------
HTML Message Body
<< Exploit.IFrame.FileDownload (aka HTML.MimeExploit.Klez) >>
Status: Removed
<< HTML Message Body >>
Scanner: CA(InoculateIT) 23.58.1 [23.58.11] OK
Scanner: NAI 4.1.60 [4.2.31] OK
Scanner: Norman 5.0.0 [5.0.0] OK
Scanner: Sophos 2.13.0 [3.62.0] OK
Scanner: Kaspersky 4.0.273 [0.0.59754] Exploit.IFrame.FileDownload
Scanner: CA(Vet) 10.54.1 [10.54.4208] HTML.MimeExploit.Klez
FILE ATTACHMENT 'g77_33.html'
<< Normal >>
File size: 114409 bytes
Host type: STREAM
Compression: OFF
Attributes: PUBLIC READ-WRITE
File flags: 2
Created: 11/03/2002 02:14:48 PM
Modified: 11/03/2002 02:14:48 PM
Status: OK
FILE ATTACHMENT 'valign.bat'
<< I-Worm.Klez.h (aka Win32/Klez.H.Worm, W32/address@hidden,
W32/address@hidden, W32/Klez-H, Win32.Klez.H) >>
File size: 88698 bytes
Host type: STREAM
Content type: Exe.Win32
Compression: OFF
Attributes: PUBLIC READ-WRITE
File flags: 2
Created: 11/03/2002 02:14:48 PM
Modified: 11/03/2002 02:14:48 PM
Status: Displaced
<< valign.bat >>
Scanner: Kaspersky 4.0.273 [0.0.59754] I-Worm.Klez.h
Scanner: CA(InoculateIT) 23.58.1 [23.58.11] Win32/Klez.H.Worm
Scanner: NAI 4.1.60 [4.2.31] W32/address@hidden
Scanner: Norman 5.0.0 [5.0.0] W32/address@hidden
Scanner: Sophos 2.13.0 [3.62.0] W32/Klez-H
Scanner: CA(Vet) 10.54.1 [10.54.4208] Win32.Klez.H
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- ALERT: Message from info-gnu-fortran was cleaned; File valign.bat infected with I-Worm.Klez.h (aka Win32/Klez.H.Worm, W32/address@hidden, W32/address@hidden, W32/Klez-H, Win32.Klez.H) virus,HTMLBODY has Exploit.IFrame.FileDownload (aka HTML.MimeExploit.Klez),
fire-smtp02 . fire . fordham . edu/FIRE%FIRE <=