Re: Extra Re: test...

Sat, 27 Apr 2002 03:11:08 -0700 

First, let me say Fouled Up Beyond All Recognition is a polite translation of
what FUBAR stands for.  F stands for something stronger that tends to be shunned
in polite society (in response to a message sent before Arachne list's latest
downtime).

I received a 128 KB message with a suspicious attachment, apparently from an
Adaptec support address (very strange) but with a different Return-Path.  I
didn't have KLEZ on my mind, but it looked like a likely virus.  Bluegrass Net
mail server converts .exe ending to ~exe in the attachment subheaders to
prevent a careless recipient from automatically running a strange attachment.
Here is what I received, including headers, truncating most of the attachment:


Return-Path: <[EMAIL PROTECTED]>
Received: from smtp.seq.it (lyskamm.dnet.it [194.242.196.14])
        by w3.bluegrass.net (8.12.1/8.12.1) with ESMTP id g3PNtKj9004259
        for <[EMAIL PROTECTED]>; Thu, 25 Apr 2002 19:56:26 -0400 (EDT)
Received: from Gugsv ([213.192.34.196])
        by smtp.seq.it (8.11.0/8.11.0) with SMTP id g3Q0AhA17770
        for <[EMAIL PROTECTED]>; Fri, 26 Apr 2002 02:10:43 +0200 (MET DST)
Date: Fri, 26 Apr 2002 02:10:43 +0200 (MET DST)
Message-Id: <[EMAIL PROTECTED]>
From: EuroSupport_Master <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: This is a side effect of the security update. 
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary=YQOQ780QQrG07d1P8r30iBTZR9Zj8M5Mb64
Status:   

--YQOQ780QQrG07d1P8r30iBTZR9Zj8M5Mb64
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD></HEAD><BODY>
<iframe src=3Dcid:I15JD23vZ82 height=3D0 width=3D0>
</iframe>
<FONT></FONT></BODY></HTML>

--YQOQ780QQrG07d1P8r30iBTZR9Zj8M5Mb64
Content-Type: audio/x-wav;
        name=may be~exe
Content-Transfer-Encoding: base64
Content-ID: <I15JD23vZ82>

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAA2AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4g
(1729 lines snipped here)
AAAAAAAAAAAAAAAAAADoHAABCl0BAV9kAQEAAAAAAAAAAAAAAAAAAAAAAAAAAMIdAAEBAAAA
AQABAAAAAAAXAQMFAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAATQ=9
--YQOQ780QQrG07d1P8r30iBTZR9Zj8M5Mb64
--YQOQ780QQrG07d1P8r30iBTZR9Zj8M5Mb64
Content-Type: application/octet-stream;
        name=De7.DOC
Content-Transfer-Encoding: base64
Content-ID: <I15JD23vZ82>

BkhvbmVjawAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
BgBIAG8AbgBlAGMAawAAACYAAAARAFAAZQBuAHMAaQBvAG4AIABIAG8AbgBlAGMAawAgAEsA
RwAAAHQPjAEAAAEAAIABAACAGAAAAAEAAIABAACAHwAAABwBAACBAAAAKgAAAAEAAIABAACA
--YQOQ780QQrG07d1P8r30iBTZR9Zj8M5Mb64--

Reply via email to