[sustran] Re: Virus on sustran-discuss

Paul Barter geobpa at nus.edu.sg
Sat Jan 11 14:52:21 JST 2003

Previous message: [sustran] Virus on sustran-discuss
Next message: [sustran] Re: Virus on sustran-discuss
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Dear sustran-discussers

Regarding Alan's message in response to yesterday's suspicious message
from "Kisan Mehta [je at swisscontact.ph]"...   

Correct me if I am wrong but as far as I can tell no malicious code came
through to sustran-discuss... At least not to me. And my university
filters usually alert me when they intercept such attachments. I agree
with Alan that it certainly does look like other messages in recent days
which have had malicious attachments. Perhaps there are safeguards
somewhere in the system which hosts sustran-discuss, and perhaps they
worked in this case? 

The detailed headers of the message suggest it came from Kisan rather
than Swiss Contact, despite the email address it 'apparently' came from.
Therefore yesterday I immediately took the precaution of suspending
Kisan temporarily from the list and have also now alerted him to the
potential problem. 

I will try to investigate the anti-virus status of JCA networks which
hosts sustran-discuss but I suspect that with the simple majordomo
software the safeguards are probably not very sophisticated. I do know
that the simple filter I have set up that stops large messages does
often catch malicious attachments and benign ones alike. 

Nevertheless, as a general rule please do not send attachments through
sustran-discuss and also do not open attachments from sustran-discuss,
since no legitimate attachments should be appearing here. In general,
ALWAYS be very cautious about clicking on attachments. 

All the best

Paul


Dr Paul Barter
Fellow in the Department of Geography and the Public Policy Programme
National University of Singapore
1 Arts Link, Singapore 117570
Tel: +65-6874 3860; Fax: +65-6777 3091
E-mail: geobpa at nus.edu.sg

-----Original Message-----
From: owner-sustran-discuss at jca.ax.apc.org
[mailto:owner-sustran-discuss at jca.ax.apc.org] On Behalf Of Alan Patrick
Howes
Sent: Saturday, 11 January 2003 11:48 AM
To: 'sustran-discuss at jca.ax.apc.org'
Subject: [sustran] Virus on sustran-discuss


I'm not sure what the following means - but when I got a message with
the same headers on my home machine it seemed to have a 
malicious attachment. My server at work would stop such attachments.

Surely the sustran-discuss server should filter out such stuff?


--
Alan P Howes, Special Transport Advisor,
     Dubai Municipality Public Transport Department
aphowes at dm.gov.ae
http://vgn.dm.gov.ae/DMEGOV/dm-mp-transportation
Tel:    +971 4 286 1616 ext 214
Mobile: +971 50 5989661

-----Original Message-----
From: Kisan Mehta [mailto:je at swisscontact.ph]
Sent: Thu, 09 January, 2003 04:00
To: undisclosed-recipients
Subject: [sustran] Re: Reply on account for IIS-Security


Restricted area response team (RART)



Attachment you sent to Kisan Mehta is intended to overwrite start
address at 0000:HH4F 
To prevent from the further buffer overflow attacks apply the MSO-patch

Previous message: [sustran] Virus on sustran-discuss
Next message: [sustran] Re: Virus on sustran-discuss
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Sustran-discuss mailing list