JISCmail Service: W32/MyParty-A Virus Infection

Brown, J (Jed) Jed.Brown at RL.AC.UK
Thu Jan 31 15:15:08 GMT 2002


Affected List Owners (sent as blind copy using LISTNAME-Request of all
affected lists).

I write to apologise for the recent virus infection which affected your
JISCmail mailing list. This message provides details of what happened, the
actions we took to limit the impact and to clean up afterwards; and finally
our plans to prevent it happening again.

Details of the virus are to be found on
http://vil.nai.com/vil/content/v_99332.htm but the most important features
are:

- the infected file is uuencoded as a plain text file embedded in the main
body of the message rather than as the more usual MIME attachment;
- the file name looks very like a web address and may trick recipients into
opening the infected file;
- some virus protection systems were not able to detect the embedded file
and scan it even though they had details of its 'signature';
and so the virus spread quite rapidly through the community.

Only 9 JISCmail lists received a copy of the infected message before
distribution was stopped while a fix was developed that rejected infected
messages. A larger number received warnings and/or disinfected messages. We
have removed infected messages from the archives of the affected lists.

We now plan to review our policy on how we treat attachments which may
contain executable code. We already reject mail containing known viruses but
we may introduce changes to identify potentially harmful attachments. We
shall discuss these policy changes with the JISCmail Advisory Group and
OWNERS-TALK as appropriate and will make any general announcements to
OWNERS-UNIQUE and on the JISCmail web.

Jed Brown
JISCmail Director
Rutherford Appleton Laboratory, Chilton, DIDCOT, Oxon OX11 0QX
Tel: +44 1235 446609, Mob: +44 7770 652485
Fax: +44 1235 446626
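
The first two features listed in the message (a uuencoded file inline in the body, and a file name shaped like a web address) can be checked for mechanically. The Python sketch below is an added example, not part of the original message and not JISCmail's fix; the file name www.example.com, the extension list and the sample body are constructed assumptions.

```python
import binascii
import re

# Assumed list of extensions Windows runs directly. ".com" is why a name
# shaped like a web address can still be a program.
EXECUTABLE_EXTS = (".com", ".exe", ".scr", ".pif", ".bat")
# A real uuencode header carries an octal mode, which ordinary prose
# starting with the word "begin" does not.
BEGIN_RE = re.compile(r"^begin ([0-7]{3,4}) (\S.*)$")

def find_uuencoded(body):
    """Return [(filename, decoded_bytes)] for uuencoded blocks in a text body."""
    found, name, chunks = [], None, []
    for line in body.splitlines():
        if name is None:
            m = BEGIN_RE.match(line)
            if m:
                name, chunks = m.group(2).strip(), []
        elif line.strip() == "end":
            found.append((name, b"".join(chunks)))
            name = None
        elif line.strip():
            try:
                chunks.append(binascii.a2b_uu(line))
            except ValueError:  # not uuencoded data: drop the false start
                name = None
    return found

def risky_files(body):
    """Names of inline uuencoded files that carry an executable extension."""
    return [n for n, _ in find_uuencoded(body)
            if n.lower().endswith(EXECUTABLE_EXTS)]

def build_sample():
    """Constructed message body: harmless bytes under a URL-like file name."""
    payload = b"MZ constructed stand-in bytes, not a real program"
    lines = ["Photos from the party are here:", "", "begin 644 www.example.com"]
    for i in range(0, len(payload), 45):
        chunk = binascii.b2a_uu(payload[i:i + 45]).decode("ascii")
        lines.append(chunk.rstrip("\n"))
    lines += ["`", "end", "", "begin with the first item on the agenda"]
    return "\n".join(lines)

if __name__ == "__main__":
    print(risky_files(build_sample()))
```

A mail gateway would run a check like this over the text parts of each message, in addition to its MIME attachment scanning, and hand the decoded bytes to the virus scanner.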




