
Re: Virus emanation handled quickly by Mark Brown



FWIW, I had 2 reply emails (Trader2@xxxxxxxxxxxxx) from omega list archive sent
to me yesterday that were in response to messages that I had responded to over
2 years ago. Both were infected with some worm virus.

I'm impressed. This is a very clever package to send the virus. It was only
detected because the virus was known to the AV package.

I guess the "package" testing is completed for these virus people....

These are the messages with the virus attachment removed. Naturally, the "Take
a look to the attachment." is a giveaway these days that a virus is attached,
but the packaging is a "real" message and not some bogus email.

Received: from firewall.markbrown.com (216.88.105.93.istrength.net
[216.88.105.93]) by usilms50.ca.com with SMTP (Microsoft Exchange Internet Mail
Service Version 5.5.2654.52)
 id TJ2HT5P7; Thu, 20 Sep 2001 12:07:13 -0400
Received: from cd ([192.168.1.1]) by firewall.markbrown.com
          (Post.Office MTA v3.5.3 release 223 ID# 0-57451U100L100S0V35)
          with SMTP id com for <Roy.Johanson@xxxxxxx>;
          Thu, 20 Sep 2001 10:55:51 -0500
Message-ID: <003901c14189$2f504800$0401a8c0@xx>
From: "Trader2" <trader2@xxxxxxxxxxxxx>
To: <Roy.Johanson@xxxxxxx>
Subject: Re: RE: @ISN and @VSN data using DTN

'Johanson, Roy' wrote:
====
- These are DTN calculated symbols and tradestation does not calculate these
- values. However, it would be nice if it would....
-
-  -----Original Message-----
-  From: Jimmy Snowden [SMTP:jsnowden@xxxxxxxx]
-  Sent: Thursday, October 28, 1999 5:28 PM
-  To: .Omega List
-  Subject: Re: @ISN and @VSN data using DTN
-
-  Is anyone able to collect the data in DTN satellite symbols @ISN and
- @VSN?
-  These are the symbols for NYSE advancing/declining and unchanged
- i ...'


> Take a look to the attachment.

===================

Message number two:

Received: from firewall.markbrown.com (216.88.105.93.istrength.net
[216.88.105.93]) by usilms50.ca.com with SMTP (Microsoft Exchange Internet Mail
Service Version 5.5.2654.52)
 id TJ2HT5K1; Thu, 20 Sep 2001 12:05:47 -0400
Received: from cd ([192.168.1.1]) by firewall.markbrown.com
          (Post.Office MTA v3.5.3 release 223 ID# 0-57451U100L100S0V35)
          with SMTP id com for <Roy.Johanson@xxxxxxx>;
          Thu, 20 Sep 2001 10:54:51 -0500
Message-ID: <003101c14189$0b9195e0$0401a8c0@xx>
From: "Trader2" <trader2@xxxxxxxxxxxxx>
To: <Roy.Johanson@xxxxxxx>
Subject: Re: RE: TS2K and WIndows NT Fatal Error

'Johanson, Roy' wrote:
====
- Any time that I get any type of "a critical error occurred in
- GlobalServer...blah, blah, blah," I shut down tradestation, global server,
- power editor, etc. kill any omega processes that are not shutting down and
- delete these files from the /omega/server directory:
-
- GSQF.dat
- GSQF.mst
- Perfmon.dat
- Symswap.dat
- Sysevent.dat
-
- When you restart the globalserver, it will recreate these files. Also, it
- may take a while to reindex the files in the /omeg ...'


> Take a look to the attachment.




"M. Simms" wrote:

> An email from an authorized e-mail account (Trader2@xxxxxxxxxxxxx) sent a
> virus-laden attachment under the disguise of a zip file (pics.zip.scr) at 1
> pm EDT.
> The virus was determined to have been identified as "W32.Badtrans.13312@xx"
> by SARC and required no other action for further analysis.
> I am glad to report that Mr. Brown was able to close that account quickly
> upon my request for action.
> Thank You !
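
Added example, not part of the original thread: a mail-filter check for the disguise described above, where an attachment such as pics.zip.scr shows a harmless-looking extension in front of an executable one. The function names, the sample message, and both extension lists are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed list: extensions Windows runs directly (a .scr screensaver is a normal executable).
EXECUTABLE_EXTS = {"scr", "pif", "exe", "com", "bat", "cmd", "vbs", "js", "lnk"}
# Assumed list: extensions readers treat as harmless, used as the decoy in pics.zip.scr.
DECOY_EXTS = {"zip", "doc", "txt", "jpg", "gif", "mp3", "pdf", "htm", "html"}


def disguised_attachments(raw_bytes):
    """Return attachment filenames whose final extension is executable and
    whose preceding extension is a harmless-looking decoy (pics.zip.scr)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    flagged = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # container parts and the text body have no filename
        # Normalise case and drop padding placed around the dots.
        pieces = [p.strip() for p in name.lower().split(".")]
        if (len(pieces) >= 3
                and pieces[-1] in EXECUTABLE_EXTS
                and pieces[-2] in DECOY_EXTS):
            flagged.append(name)
    return flagged


def build_sample(filename):
    """Constructed sample: a reply-style message carrying one attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "recipient@example.org"
    msg["Subject"] = "Re: RE: sample thread"
    msg.set_content("> Take a look to the attachment.\n")
    msg.add_attachment(b"placeholder bytes, not a real file",
                       maintype="application", subtype="octet-stream",
                       filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for fn in ("pics.zip.scr", "Pics.ZIP   .SCR", "report.zip", "setup.exe"):
        print(fn, "->", disguised_attachments(build_sample(fn)))
```

A plain setup.exe is deliberately not flagged here: the check targets the double-extension disguise only, and a gateway would normally block bare executable attachments with a separate rule.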