security@microsoft.com, maybe ofn but whatever

[Putrid]

our mail servers here at work just caught a bunch of emails going through with the subject "use this patch imediately" and the sender adress is security@microsoft.com but the return path is, Return-Path: <admin@duma.gov.ru>

how long has this been going around?

and what does it do when you run it?


anyone?

 

[[MoM] Gort]

We've been seeing off-and-on outbreaks for a couple of weeks now. Here's a link from Symantec on what it does:
http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html

 

[Putrid]

thanks gort but I think I found it,,,

http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru@mm.html, it's more like this I think.


damn this just hit our severs, I am probably going to be busy on the phone today after our first "I thought it was real" user decides to 'do the update'...

damn, I was hoping for a quiet friday

 

[[MoM] Gort]

I feel your pain.

My staff and I have actually done a pretty good job at training our users not to open stuff like this. I've also got our Groupshield server screwed down pretty tight, so even though we have to deal with the emails themselves, by the time they get to the user they're clean.

 

[Putrid]

I feel your pain.

My staff and I have actually done a pretty good job at training our users not to open stuff like this. I've also got our Groupshield server screwed down pretty tight, so even though we have to deal with the emails themselves, by the time they get to the user they're clean.

our users are mostly all government employees, city utilities, city halls, and whatnot...


guess how many of them will open them :OMG:

 

[iNVAR]

It's probably Swen as that's the one that's making its way around right now. Just went through our network.

Here's an interesting story:
About 2 weeks ago, I had my supervisor send out a schoolwide mail warning users not to open those attachments in an official looking mail from Microsoft.

Yesterday, someone emails tech support asking whether she should open it or not. My manager, who never takes any trouble calls usually, decides to answer this one himself and say "We'll have a definite answer for you later today as we're having a meeting with Microsoft." Now, first off, the meeting he was going to have had nothing to do with the virus. Second, he now looks like an idiot because of course, as a tech that knows something, I have an obligation to respond to the email and actually attach the message HE originally sent out warning users of it. And third, I can only imagine how bad he would look if he actually asked MS about this.

Managers, pfft...

 

[[MoM] Gort]

Your manager doesn't a.) keep apprised of new virus threats, b.) know that M$ doesn't "patch via email", and/or c.) know that unsolicited email attachments are most likely viruses?

Where do you work again? Are they hiring?

 

[iNVAR]

to answer your first question, no, he doesn't know any of that

to answer your 2nd and 3rd question: i work at a school, and no they're not hiring.

 

[Patton]

1. McAfee sucks.

2. I'm 95 percent sure our network got hit with this yesterday, or a close variant. We're running Win2k on NTFS partitions, and it spread through our network like wildfire. Came up as "Valla.b" on our shit.

If you're running McAfee w/ Win2k, ignore the virus detected shit and reboot into Safe Mode w/ command prompt. You can run the scanpm program there to get rid of the infected system files. Reboot when its done and run a scan in windows to be sure.

Basically, McAfee dropped the ball (like I knew it would eventually.) It let the virus in, and waited until it started infecting files to notify anyone. I'm guessing some genius ignored my boss's email not to open this, and we got hit. Fuckers.