admin
03-03-2004, 03:00 PM
There is a new trojan going around that claims to be from the mail server administrator. The text looks something like the following with different domain names:
Hello user of domainname e-mail server,
Our main mailing server will be temporary unavaible for next two days,
to continue receiving mail in these days you have to configure our free
auto-forwarding service.
Pay attention on attached file.
In order to read the attach you have to use the following password: 20311.
Have a good day,
The domainname team
The W32.Beagle.K@mm worm:
* Is a variant of W32.Beagle.J@mm that opens a backdoor on TCP port 2745 and uses its own SMTP engine to spread through email.
* Sends the attacker the port on which the backdoor listens, as well as the IP address.
* Attempts to spread through file-sharing networks, such as Kazaa and iMesh, by dropping itself into the folders that contain "shar" in their names.
The email has the following characteristics:
From: Spoofed to appear as though it's coming from one of the following addresses at the recipient's domain:
* management
* administration
* staff
* noreply
* support
Attachment: A randomly named .exe file, inside a .zip file, or a .pif file. The zip file will be password-protected.
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.k@mm.html
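A mail-filter check for the traits listed above, as an added example that is not part of the original post or of Symantec's write-up. It reads the attachment description as "a .pif file, or a password-protected .zip holding an .exe or .pif", which is an assumption; the function names, indicator labels and the example.test sample message are constructed for illustration.

```python
import email, io, zipfile
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

SPOOFED_LOCALS = {"management", "administration", "staff", "noreply", "support"}

def zip_traits(blob):
    """Return (has_encrypted_entry, has_exe_or_pif) read from the ZIP central directory."""
    try:
        entries = zipfile.ZipFile(io.BytesIO(blob)).infolist()
    except zipfile.BadZipFile:
        return False, False
    return (any(e.flag_bits & 0x1 for e in entries),  # bit 0 = entry is encrypted
            any(e.filename.lower().endswith((".exe", ".pif")) for e in entries))

def beagle_k_indicators(raw):
    """List which traits from the post a raw RFC 5322 message matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    s_local, _, s_dom = parseaddr(str(msg.get("From", "")))[1].lower().rpartition("@")
    r_dom = parseaddr(str(msg.get("To", "")))[1].lower().rpartition("@")[2]
    if s_local in SPOOFED_LOCALS and s_dom and s_dom == r_dom:
        hits.append("spoofed-local-sender")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".pif"):
            hits.append("pif-attachment")
        elif name.endswith(".zip"):
            encrypted, has_exe = zip_traits(part.get_payload(decode=True) or b"")
            if encrypted and has_exe:
                hits.append("encrypted-zip-with-executable")
    return hits

def constructed_sample(encrypted=True):
    """Constructed test message; the ZIP holds a harmless placeholder, not malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(zipfile.ZipInfo("abcxyz.exe"), b"placeholder")
    blob = bytearray(buf.getvalue())
    if encrypted:  # set general-purpose flag bit 0 in the central directory entry
        blob[blob.rfind(b"PK\x01\x02") + 8] |= 0x1
    m = EmailMessage()
    m["From"], m["To"] = "support@example.test", "alice@example.test"
    m.set_content("Pay attention on attached file.")
    m.add_attachment(bytes(blob), maintype="application", subtype="zip", filename="abcxyz.zip")
    return m.as_bytes()
```

The encryption flag and entry names are readable without the password, so the check works even though the filter cannot open the archive.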