FW: Protected message

Richard Sheehan sheerich@isu.edu
Mon, 10 Jan 2005 09:30:02 -0700


It seems to me that the old PowerHouse List did not allow for any 
attachments... Of course my memory could be failing.  I don't know if 
this is the case with the New PowerHouse List.

In either case, spoofing has been the rage in plenty of email-virus 
propagation schemes.  It would seem more probable that someone who is an 
active member of this list was infected by the virus.  Then, in an 
attempt to propagate, the virus sends emails from the infected computer 
- to anyone who has sent an email to the list (actually any mail on the 
infected computer, not only the list - unless someone really has 
something against Cognos - PowerHouse - or maybe even Bob in particular) 
and/or from anyone who has sent email to the list.  If you happen to be 
caught off guard, your machine becomes involved in the "You're infected 
and sending me infected email" blame game.

Richard Sheehan
IT Programmer Analyst - T
208-282-2996
Idaho State University
Pocatello, ID  83209-8008



Deskin, Bob wrote:

>Because sometimes documents are zipped and sometimes there are diagrams
>attached. The main things we need to watch for are exe's, scripts, and
>word/excel macros. I don't recall ever sending (or seeing) these on the
>list.
>
>Bob
>
>-----Original Message-----
>From: Olav Kappert [mailto:okappert@canada.com] 
>Sent: January 10, 2005 9:56 AM
>To: Deskin, Bob
>Cc: Michael.Lee@mclsystemsinc.com; PowerHouse List
>Subject: Re: FW: Protected message
>
>
>Bob:
>
>To avoid these types of problems in the future, why not strip all 
>non-TEXT attachments from any email going through the list.
>
>Olav.
>
>Deskin, Bob wrote:
>
>>I always knew Michael was a bright fellow :-)
>>
>>Seriously, this has happened before and is another stage in the 
>>never-ending SPAM war. Our security people have seen this as well and 
>>unless they can find a specific source, it's difficult to stop. As I've
>>said before, suspect anything unusual.
>>
>>Bob
>>
>>	-----Original Message-----
>>	From: powerh-l-admin@lists.sowder.com 
>>[mailto:powerh-l-admin@lists.sowder.com] On Behalf Of Michael Lee
>>	Sent: January 9, 2005 11:27 AM
>>	To: Joe Boyle
>>	Cc: 'PowerHouse List'
>>	Subject: Re: FW: Protected message
>>	
>>	
>>	Hi Joe,
>>	
>>	I'm always wary of email coming from Bob ;-).
>>	
>>	
>>	Regards,
>>	
>>	
>>	Michael Lee
>>	MCL Systems Inc.
>>	
>>	
>>	Joe Boyle wrote:
>>	
>>
>>		Hi all,
>>
>>		this may be a problem waiting to happen so I thought I'd
>>		send it on to you all as a warning. I can't see why Bob would
>>		contact me off-list so you might be advised to be wary if you
>>		have anything from Bob.
>>
>>		Regards, Joe.
>>
>>		
>>________________________________
>>
>>
>>		From: Joe Boyle [mailto:atla38@dsl.pipex.com] 
>>		Sent: 09 January 2005 08:30
>>		To: 'Bob.Deskin@cognos.com'
>>		Subject: FW: Protected message
>>
>>		
>>
>>		Hi Bob,
>>
>>		
>>
>>		Just thought I'd let you know about this message, along
>>		with all the others from the list - original details below.
>>
>>		
>>
>>		
>>
>>		******************   McAfee VirusScan   ************************
>>		******* Alert generated at: Sun, 09 Jan 2005 03:49:21 +0000 *********
>>		*********************************************************************
>>
>>		McAfee VirusScan has detected a potential threat in this e-mail
>>		sent by Bob.Deskin" <Bob.Deskin@cognos.com> <mailto:Bob.Deskin@cognos.com> .
>>		The following actions were attempted on each suspicious part.
>>		We strongly recommend that you report this virus-related activity
>>		to Bob.Deskin" <Bob.Deskin@cognos.com> <mailto:Bob.Deskin@cognos.com> .
>>
>>		 The attachment "MoreInfo.exe" is infected with the W32/Bagle.aa@MM Virus(es).
>>		This attachment has been deleted to complete the clean process.
>>
>>		Regards, Joe.
>>
>>		This e-mail and all information contained in it is confidential and 
>>may be legally privileged. If you are not the intended recipient, your 
>>access to this e-mail is unauthorized. Any use, dissemination, 
>>distribution, publication or copying by you of this e-mail or any of 
>>the information contained within it is prohibited and may be unlawful. 
>>Do not open any attachments, delete it immediately from your system and
>>notify the sender promptly by e-mail that you have done so. The content
>>of this e-mail and any attachments sent with it may have been altered 
>>without the consent or knowledge of the author.
>>
>>		
>>________________________________
>>
>>
>>		From: Bob.Deskin [mailto:Bob.Deskin@cognos.com] 
>>		Sent: 09 January 2005 03:41
>>		To: Atla
>>		Subject: Protected message
>>
>>		
>>
>>		
>>
>>		
>>________________________________
>>
>>
>>
>>		******************   McAfee VirusScan   ************************
>>		******* Alert generated at: Sun, 09 Jan 2005 03:49:21 +0000 *********
>>		*********************************************************************
>>
>>		McAfee VirusScan has detected a potential threat in this e-mail
>>		sent by Bob.Deskin" <Bob.Deskin@cognos.com> <mailto:Bob.Deskin@cognos.com> .
>>		The following actions were attempted on each suspicious part.
>>		We strongly recommend that you report this virus-related activity
>>		to Bob.Deskin" <Bob.Deskin@cognos.com> <mailto:Bob.Deskin@cognos.com> .
>>
>>		 The attachment "MoreInfo.exe" is infected with the W32/Bagle.aa@MM Virus(es).
>>		This attachment has been deleted to complete the clean process.
>>
>>      This message may contain privileged and/or confidential 
>>information.  If you have received this e-mail in error or are not the
>>intended recipient, you may not use, copy, disseminate or distribute it;
>>do not open any attachments, delete it immediately from your system and
>>notify the sender promptly by e-mail that you have done so.  Thank you.
>
> 
>
>= = = = = = = = = = = = = = = = = = = = = = = = = = = =
>Mailing list: powerh-l@lists.sowder.com
>Subscribe: "subscribe" in message body to powerh-l-request@lists.sowder.com
>Unsubscribe: "unsubscribe <password>" in message body to powerh-l-request@lists.sowder.com
>http://lists.sowder.com/mailman/listinfo/powerh-l
>This list is closed, thus to post to the list you must be a subscriber.
>  
>
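
The attachment stripping proposed in the quoted thread, combined with the risky types named there (exe's, scripts, Word/Excel macros), sketched as a list-side filter. This is an added example, not code from the list software or from any poster; the extension set, the function names and the sample message are assumptions, Office files are blocked by extension rather than by macro inspection, and the zip check goes beyond what the thread describes.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy: executables, scripts and macro-capable Office files.
BLOCKED_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd",
               ".vbs", ".js", ".hta", ".doc", ".xls"}

def ext_of(name):
    # Only the last extension counts, so "diagram.gif.exe" is an .exe.
    return os.path.splitext(name.strip().lower())[1]

def is_blocked(filename, payload):
    ext = ext_of(filename)
    if ext == ".zip":  # zips are allowed, but only if every member is allowed
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                return any(ext_of(n) in BLOCKED_EXT for n in zf.namelist())
        except zipfile.BadZipFile:
            return True  # unreadable archive: fail closed
    return ext in BLOCKED_EXT

def strip_blocked(raw):
    """Return (cleaned message, names of removed attachments)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    def clean(container):
        kept = []
        for part in container.get_payload():
            name = part.get_filename()
            if name and is_blocked(name, part.get_payload(decode=True) or b""):
                removed.append(name)
                continue
            if part.is_multipart():
                clean(part)
            kept.append(part)
        container.set_payload(kept)
    if msg.is_multipart():
        clean(msg)
    return msg, removed

def constructed_message():
    # Constructed sample: one executable, one diagram, one zip hiding a script.
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("run.vbs", "constructed")
    m = EmailMessage()
    m.set_content("see attachment")
    for name, data in (("MoreInfo.exe", b"MZ constructed"),
                       ("diagram.gif", b"GIF89a"), ("docs.zip", zbuf.getvalue())):
        m.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return m.as_bytes()
```

A filter like this does nothing about the forged sender address; it only limits what a spoofed message can carry through the list.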