I received a message of 147000 bytes from somebody unknown to me, with a weird,
unintelligible subject line, a weird unintelligible line of text, and a big
SUCATREG.EXE attachment. As previously stated, my ISP changes .EXE in
attachment file names to ~EXE so a careless recipient won't run it accidentally
but can change ~EXE back to .EXE if the attachment is legit. Does anybody
recognize what this is? I notice a slight difference between Return-Path and
From: address. I also noticed Content-Type was image/gif but the file name
ended in .EXE.

I extracted the attachment, and examination with "more < sucatreg" revealed MZ
at the beginning and a little later, "This program cannot be run in DOS mode."
Pretty strong indication of a Windows executable file.

Message follows, attachment truncated:

Return-Path: <[EMAIL PROTECTED]>
Received: from pimout3-int.prodigy.net (pimout3-ext.prodigy.net [207.115.63.102])
        by w3.bluegrass.net (8.9.3/8.9.3) with ESMTP id BAA12522
        for <[EMAIL PROTECTED]>; Sat, 15 Sep 2001 01:22:20 -0400 (EDT)
Received: from smtp.prodigy.net (A010-0816.KSCY.splitrock.net [63.252.222.54])
        by pimout3-int.prodigy.net (8.11.0/8.11.0) with SMTP id f8F5K9c194712;
        Sat, 15 Sep 2001 01:20:09 -0400
Date: Sat, 15 Sep 2001 01:20:09 -0400
Message-Id: <[EMAIL PROTECTED]>
FROM: John <[EMAIL PROTECTED]>
SUBJECT: �=!"#�$�%
X-MSMail-Priority: Normal
X-Priority: 3
X-Mailer: Microsoft Outlook Express 5.00.2615.200
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="----=_NextPart_000_0042_01741680.BE168090"
Content-Transfer-Encoding: 7bit
Status:

This is a multi-part message in MIME format.

------=_NextPart_000_0042_01741680.BE168090
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

�=!"#��$��.
------=_NextPart_000_0042_01741680.BE168090
Content-Type: image/gif; name="SUCATREG~EXE"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="SUCATREG~EXE"

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
(1871 lines snipped)
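
The two mismatches noted in the post (an image/gif label on a part whose name ends in EXE and whose content starts with MZ) can be checked mechanically. The following is an added example, not part of the original message: the function names, the magic-byte table, the suffix list and the shortened sample message are all constructed for illustration.

```python
import email
from email import policy

# Leading magic bytes -> the content type they imply (small, assumed table).
MAGIC = {
    b"MZ": "application/x-msdownload",  # DOS/Windows executable header
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
}
# "~exe" covers the ISP renaming described in the post (an assumption here).
RISKY_SUFFIXES = (".exe", "~exe", ".scr", ".pif", ".com")

def sniff(data):
    for magic, ctype in MAGIC.items():
        if data.startswith(magic):
            return ctype
    return None

def audit_attachments(raw):
    """List (filename, reasons) for named parts whose labels disagree."""
    findings = []
    for part in email.message_from_string(raw, policy=policy.default).walk():
        name = part.get_filename()
        if part.is_multipart() or not name:
            continue
        declared = part.get_content_type()
        actual = sniff(part.get_payload(decode=True) or b"")
        reasons = []
        if actual and actual != declared:
            reasons.append(f"declared {declared}, content looks like {actual}")
        if name.lower().endswith(RISKY_SUFFIXES) and declared.startswith("image/"):
            reasons.append(f"executable-style name on {declared} part")
        if reasons:
            findings.append((name, reasons))
    return findings

# Constructed sample: MIME labels from the post, payload cut to 12 bytes.
SAMPLE = """\
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: image/gif; name="SUCATREG~EXE"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="SUCATREG~EXE"

TVqQAAMAAAAEAAAA
--b1--
"""

for name, reasons in audit_attachments(SAMPLE):
    print(name, "->", "; ".join(reasons))
```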