If it's the one I've been seeing all day long, it is Mimail.A and you can get more info at http://www.sarc.com/avcenter/venc/data/[EMAIL PROTECTED] It is an UPX packed binary that they are still trying to work all the details out on. I received the first one about 5 hours ago, and have received about 1 an hour since then from various places. If you peek inside with a hex editor, it quickly becomes clear to some extent just what is going on.
HTH Dean Coffey >P.S. BTW, so far I have not yet been able to identify the ugly >looking thing that appears to be a virus that somebody recently >sent to the list server. I'm not worried about it because I >have been able to determine that the program cannot run in DOS >mode. Also I can see that it wouldn't do whatever it is designed >to do unless one were to have support for JavaScript. > >I'm just very curious to know what this very nasty looking thing >might be. If anyone knows, please clue us in on what sorry fate >a Window$ user might have suffered if he had been so stupid as to >have opened the message and unzipped the attached binary and tried >to run it. > >I don't know why the virus purveyors are sending zipped binaries. >Is Window$ so badly designed that it can even automagically unzip >and run an attached executable binary just by the operator's opening >an email? I know Window$ is very bad and that it is getting much >worse. Has it gotten so bad by now that it can wreak more evil than >we ever before imagined possible? > >Hmmmm ........
