>FYI, this looks to be a bad one. > >I am still trying to see what the payload is, whether in the e-mail >itself or in an attachment, and what kind of attachment. > >Any one know?
Mcafee has this as Low Risk, but Sophos just issued an Emergency Alert about this, and I was about to post a warning here. It does seem nasty. http://vil.mcafee.com/dispVirus.asp?virus_k=99728 has quite a bit of information about it. The payload is a trojan horse that opens port 36794 on the local machine (it is not known yet what can be done with that port). The good news is that it looks like this one will get caught as an "Outlook MIME Header Vulnerability" by Declude Virus, whether or not the virus definitions can detect it. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
