Over the past two days, a large number of e-mail messages carrying Trojans have been arriving, sent in the name of SecurityFocus and TrendMicro. Each message comes with an executable attachment named FIX_NIMDA.EXE. The attachment's name matches that of the tool TrendMicro distributes free of charge for removing the NIMDA virus (FIX_NIMDA.com). Last night SecurityFocus sent a notice about the possible attack to all of its subscribers, asking them to forward any such messages to it. Below is an example of such a message:

Return-Path: <aris-report@securityfocus.com>
Received: (qmail 24362 invoked from network); 30 Sep 2001 23:46:17 -0000
Received: from corderoatado.arnet.com.ar (HELO dominios2.arnet.com.ar) (200.45.0.3)
by gate.bulinfo.net with SMTP; 30 Sep 2001 23:46:17 -0000
Received: from mcdark ([217.228.174.48]) by dominios2.arnet.com.ar with Microsoft SMTPSVC(5.5.1877.357.35);
Sun, 30 Sep 2001 20:45:05 -0300
Message-ID: <002901c14a09$f12b6a80$0100a8c0@mcdark>
From: <aris-report@securityfocus.com>
To: <Teraton@sbline.net>
Cc: <Teraton@bulinfo.net>,
<ktzenov@hotmail.com>
Subject: Possible Nimda Worm infection
Date: Mon, 1 Oct 2001 01:45:03 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0025_01C14A1A.B058CFA0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Return-Path: aris-report@securityfocus.com
Status: RO
Content-Length: 912884
Lines: 11932

This is a multi-part message in MIME format.

------=_NextPart_000_0025_01C14A1A.B058CFA0
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_0026_01C14A1A.B058CFA0"

------=_NextPart_001_0026_01C14A1A.B058CFA0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Transfer-Encoding: quoted-printable

Hello,
This mail is from the ARIS Analyzer Service (Attack Registry and =
Intelligence=20
Service) from SecurityFocus in cooperation with Trend Micro =
Incorporated.
=20
As you are probably aware from the media, the Nimda worm started =
spreading.
It has come to our attention that your system(s),
listed below have been identified as being compromised by the Nimda =
Worm. =20
The Nimda Worm is rapidly spreading across the Internet.=20
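
A triage check for the sample above, as an added example that is not part of the original page: it parses the message with Python's standard `email` module, compares the `From` domain with the hosts named in the `Received` chain, and lists attachments with executable extensions. The `From`, `Subject` and `Received` headers are copied from the sample; the boundary `b1`, the attachment part and the extension list are constructed assumptions, because the page does not reproduce the attachment itself.

```python
import email
import re
from email.utils import parseaddr

# Headers copied from the sample above; MIME parts are constructed placeholders.
SAMPLE = """\
Received: from corderoatado.arnet.com.ar (HELO dominios2.arnet.com.ar) (200.45.0.3)
 by gate.bulinfo.net with SMTP; 30 Sep 2001 23:46:17 -0000
Received: from mcdark ([217.228.174.48]) by dominios2.arnet.com.ar with Microsoft SMTPSVC(5.5.1877.357.35);
 Sun, 30 Sep 2001 20:45:05 -0300
From: <aris-report@securityfocus.com>
Subject: Possible Nimda Worm infection
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Hello,
--b1
Content-Type: application/octet-stream; name="FIX_NIMDA.EXE"
Content-Disposition: attachment; filename="FIX_NIMDA.EXE"

(constructed placeholder, no real payload)
--b1--
"""

RISKY_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".vbs")  # assumed list

def relay_hosts(msg):
    """Host names claimed after 'from', 'by' and 'HELO' in Received headers."""
    hosts = []
    for rcvd in msg.get_all("Received", []):
        hosts += re.findall(r"\b(?:from|by|HELO)\s+([\w.-]+)", rcvd)
    return [h.lower() for h in hosts]

def triage(raw):
    """Return a list of findings for one raw RFC 822 message."""
    msg = email.message_from_string(raw)
    dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hosts = relay_hosts(msg)
    findings = []
    if dom and not any(h == dom or h.endswith("." + dom) for h in hosts):
        findings.append(f"From domain {dom} never appears in the relay path")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXT):
            findings.append(f"executable attachment {name}")
    return findings
```

Legitimate mail is also sent through third-party relays, so the domain mismatch is a signal to weigh together with the attachment finding rather than proof of forgery on its own.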


