Title: Message
Doug, that looks
very, very much like SWEN. TrendMicro records 3
variants:
http://www.trendmicro.com/vinfo/virusencyclo/default2.asp?m=qvirus=SWENalt=SWEN
Andrew.
-Original Message-From: Doug Anderson
[mailto:[EMAIL PROTECTED] Sent: Thursday, January 22,
2004 8:13 AMTo: [EMAIL PROTECTED];
[EMAIL PROTECTED]Subject: [Declude.JunkMail] New MS
updates Bug Report emails making the rounds
Thought I'd warn everyone
Some different/newer (I haven't seen it before) versions of
two emails arefloating around
#1
From Microsoft Corporation Network Security
to Commercial customer
No subject
Attachment "UPGRADE88.exe"
It claims to be updates from microsoft.
#2
From Internet Delivery Service
To Net Recipient
Subject Bug Report
Text : I'm sorry the message returned below could not be
delivered to the following addresses:
Attachment "ctge.exe"
They making the rounds. There
wereolder versions, that we were catchingbut they've changed it a
bit
So watch out.
Headers are
#1
Received: from FE-mail03.sfg.albacom.net [213.217.149.83] by
mail.ameripride.org with ESMTP (SMTPD32-8.05) id A2A9E2A0166; Thu,
22 Jan 2004 00:50:17 -0600Received: from wyadonm (217.220.55.169) by
FE-mail03.sfg.albacom.net
(7.0.009) id 400CF7D10001F68F;
Thu, 22 Jan 2004 07:48:41 +0100Date: Thu, 22 Jan 2004 07:48:41 +0100
(added by [EMAIL PROTECTED])Message-ID:
[EMAIL PROTECTED]
(added by [EMAIL PROTECTED])FROM:
"Microsoft Corporation Network Security Center" [EMAIL PROTECTED]TO:
"Commercial Customer" [EMAIL PROTECTED]SUBJECT:
Mime-Version: 1.0Content-Type: multipart/mixed;
boundary="nxjzttswpsxvy"X-RBL-Warning: GIBBERISH: Message failed GIBBERISH
test (line 137, weight 0)X-RBL-Warning: ANTI-GIBBERISH: Message failed
ANTI-GIBBERISH test (line 106, weight 0)X-Declude-Sender: [EMAIL PROTECTED]
[213.217.149.83]X-Declude-Spoolname: D72a90e2a01660543.SMDX-Note: This
E-mail was scanned by Declude JunkMail (www.declude.com) for
spam.X-Spam-Tests-Failed: GIBBERISH, ANTI-GIBBERISH [0]X-Note: This
E-mail was sent from FE-mail03.albacom.net ([213.217.149.83]).X-RCPT-TO:
xxStatus: UX-UIDL: 373063459
(at the end of the email)
Content-Type: application/x-msdownload; n a m e = " U
P G R A D E 8 8 . e x e "Content-Transfer-Encoding:
base64Content-Disposition: attachment
#2
Received: from FE-mail04.sfg.albacom.net [213.217.149.84] by
mail.ameripride.org with ESMTP (SMTPD32-8.05) id A3A6E3A0166; Thu,
22 Jan 2004 00:54:30 -0600Received: from xkxxp (217.220.55.169) by
FE-mail04.sfg.albacom.net
(7.0.009) id 400CB88400024360;
Thu, 22 Jan 2004 07:52:18 +0100Date: Thu, 22 Jan 2004 07:52:18 +0100
(added by [EMAIL PROTECTED])Message-ID:
[EMAIL PROTECTED]
(added by [EMAIL PROTECTED])FROM:
"Internet Delivery System" [EMAIL PROTECTED]TO: "Net
Recipient" [EMAIL PROTECTED]SUBJECT: Bug
ReportMime-Version: 1.0Content-Type:
multipart/alternative;boundary="fxsnozzuqz"X-RBL-Warning:
GIBBERISH: Message failed GIBBERISH test (line 137, weight
0)X-RBL-Warning: ANTI-GIBBERISH: Message failed ANTI-GIBBERISH test (line
106, weight 0)X-Declude-Sender: [EMAIL PROTECTED]
[213.217.149.84]X-Declude-Spoolname: D73a60e3a0166e227.SMDX-Note: This
E-mail was scanned by Declude JunkMail (www.declude.com) for
spam.X-Spam-Tests-Failed: GIBBERISH, ANTI-GIBBERISH [0]X-Note: This
E-mail was sent from FE-mail04.albacom.net ([213.217.149.84]).X-RCPT-TO:
xxxStatus: UX-UIDL: 373063460
(at the end of the email)
Content-Type: audio/x-wav; n a m e = " c t g e . e x e
"Content-Transfer-Encoding: base64Content-Id:
qfrsqcgf
