Excerpt from Bastiaan Edelman:
The attachment contains:
1- 90984193.cnm = full e-mail message
sender: [EMAIL PROTECTED] does not exist
title : What does this mean??
2- attachment = sucatreg.gif This is not a .GIF image but a disguised
.EXE file.
I tried to see the image in DOS and then it came out:
This programm does not run in DOS => it needs windows to run.
(snip)
If the sender does not exist, that looks suspicious, like when I received
fix2001.exe apparently from [EMAIL PROTECTED] (rather an unlikely user name
ending with two underlines. I got "User unknown" when I replied to that
address. It proved to be a phony, and a virus.)
Are you sure the attachment name was sucatreg.gif and not sucatreg.gif.exe,
comparable to thise xxxx.txt.vbs attachments where the user sees only the
xxxx.txt part of the name, and therefore does not suspect a VBScript virus?
Does that sucatreg.gif file begin with MZ, characteristic of a .EXE file? I
suspected that .scr file sent as an attachment with a Snowhite message was
really a .EXE when I found it began with MZ. Windows screen saver, though
"saver" is not the right word in this case (virus).
How did you get your DOS program to attempt to run sucatreg.gif as a .EXE? I
guess Windows email programs also see it as .EXE in disguise and run it, to the
recipient's regret?
