Guys.
Yesterday; The Gate started picking up email from Outlook XP/2003 versions (internal) to external addresses as having the above exploit on them.
i've checked a couple sites and the condition is common for SPAM mail; which we're obviously not sending --
here are the headers for one such message:
------------------------------------------------------------
WinGate DataScanning has blocked the following message:
Message: 0000000232
From: "Kate Love" <kate.love@damo******.com>
To: "'Mick Skerratt'" <mick.skerratt@exet*******.co.uk>
Subject: Contract
Size: 262936 bytes
Reason: Kaspersky AV for WinGate - Data stream (0000020132) is infected with Exploit.HTML.ObjData
Please contact the Administrator ( wingate.virus@damo*******d.com ) to release this email.
Headers read:
Received: From BSDHLT003 (unverified [10.233.115.34]) by SMTP Server [10.226.161.2] (WinGate SMTP Receiver v5.2.2 (Build 892)) with SMTP id <0000020132@host217-40-63-185.in-addr.btopenworld.com>;
Mon, 1 Nov 2004 16:30:04 +0000
From: "Kate Love" <kate.love@da*****.com>
To: "'Mick Skerratt'" <mick.skerratt@exe*****.co.uk>
Subject: Contract
Date: Mon, 1 Nov 2004 16:31:33 -0000
Message-ID: <000001c4c030$409c3a00$0100000a@BSDHLT003>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0001_01C4C030.409C3A00"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165