I got my first two viral messages from Oscar Diaz, and the message part, before
the attachment, was messy with quoted-printable junk.
I believe if somebody could safely send a virus-infested message to a
postmaster, sysadmin or abuse address by copying it inline to the body of the
main message, not an attachment. That way, the virus would be encased, and in
order to run it, it would be necessary to block-copy the message to a file and
then extract the base64. This would require conscious effort, even Outlook
Express wouldn't know to do it automatically. Am I correct?
Second of my two messages showed, and I snip out the viral stuff, and I am
decidedly not fat:
Return-Path: <[EMAIL PROTECTED]>
Received: from piro.coqui.net (piro.coqui.net [206.99.218.243])
by w3.bluegrass.net (8.9.3/8.9.3) with ESMTP id RAA07045
for <[EMAIL PROTECTED]>; Wed, 5 Sep 2001 17:49:09 -0400 (EDT)
Received: from coqui (ppp-196-42-49-156.coqui.net [196.42.49.156])
by piro.coqui.net (8.9.3/8.9.3) with SMTP id RAA15329
for <[EMAIL PROTECTED]>; Wed, 5 Sep 2001 17:51:38 -0400 (AST)
Date: Wed, 5 Sep 2001 17:51:38 -0400 (AST)
Message-ID: <022501c13656$74a2d3c0$[EMAIL PROTECTED]>
From: "Oscar Diaz" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Re: Re: Where is the internet "I grew up with" ??
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0222_01C13634.E330A5A0"
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Status:
This is a multi-part message in MIME format.
------=_NextPart_000_0222_01C13634.E330A5A0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
'Thomas Mueller' wrote:=0A=
=3D=3D=3D=3D=0A=
- from L.D. Best:
-=20
- >I got this spam, and had to share ... because it tells me something
- >scary about "the internet" and access to it.
-=20
- I got that spam too. I thought maybe the spammer saw me in
- alt.free.newsservers
-=20
- "BANNED Groups" suggests sexy stuff or kiddie porn, or it could be =
advertising
- hot air.
-=20
- I don't remember the full email address on the spam, but the verbiage =
matches:
-=20
- ----- Forwarded message begin -----
- From: tab0rmade@gmj ...'=0A=
=0A=
=0A=
> Take a look to the attachment. =0A=
=0A=
=0A=
------=_NextPart_000_0222_01C13634.E330A5A0
Content-Type: application/octet-stream;
name="YOU_are_FAT!.TXT~pif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="YOU_are_FAT!.TXT~pif"
TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
(snip!)
