Thanks Jud,
It, so far, has only appeared on an email I sent to a company with a filled
in word.doc form from them. They seemed not to have seen this before. The
same thing happened when I opened that sent message and resent it to myself.
What I don't know so far is if it's ALL word .docs or just this one. I
haven't been in a hurry to send out a lot more attachments until I was more
sure where they are going... It appears not to be included in messages
without attachments and also not in other attachments than word. (Which is
what leads me to suspect a variant of a word macro)
What I see in source for the copy I sent back to myself is a fairly normal
looking message, no trace of the attachment I put there, then a boundary
separator (it's an HTML message btw) after the last legitimate attachment
(the co. logo from the sender):
--B_3199625449_1646768--
--B_3199625449_1609422
Then
X-Apparently-To: <another of my email addresses, but not the one the message
was coming from/to>
Then a series of internet headers that don't 'belong' in this message
including:
Return-Path: <[EMAIL PROTECTED]>
Received: from 220.116.255.108 (HELO 195.50.106.135) (220.116.255.108)
by mta805.mail.ukl.yahoo.com with SMTP; Fri, 20 May 2005 14:00:26 +0000
Received: from newscast.fruition (HELO localhost.spector.com [12.0.10.25])
by ballast.marvelous (8.11.9/8.11.7) with ESMTP id f46KukE84954;
Fri, 20 May 2005 17:54:15 +0300
(envelope-from mugging-angelfish at document.aphid)
From: "Donny Caudill" <[EMAIL PROTECTED]>
Date: Fri, 20 May 2005 11:00:15 -0400
And:
Message-ID: <[EMAIL PROTECTED]>
Then below that the 'Internet Television... text' I quoted earlier.
Then below that a LOT of garbled email addresses from our entourage address
book which typically have:
'�8����
����� �5� � ���f����o����9����'
Placed in and among them, one or two possibly intact enough to get through.
Poor formatting seems to have further garbled other addresses by separating
them at the wrong point or running them together.
Then at the end is the same sort of garbage (code?) with what looks like the
remains of the removed word .doc title and some info from within the
attachment that should have been enclosed.
Any ideas?
Thanks for any light you can shed. Maybe other people out there are having
similar problems? If it is a macro, it's the first virus I've had in about
10 years of using macs that's really caused much of a problem.
Jo David
> From: Jud Spencer <[EMAIL PROTECTED]>
> Reply-To: "Entourage:mac Talk" <[email protected]>
> Date: Sun, 22 May 2005 08:09:52 -0700
> To: "Entourage:mac Talk" <[email protected]>
> Subject: Re: Macro virus in entourage?
>
> On 5/22/05 3:37:52 AM, "Jo David" <[EMAIL PROTECTED]> wrote:
>
>> And some garbled addresses from our own address book. It appears the virus
>> removes the attachment completely replacing it�s own text. I have spent a
>> long time searching the virus information pages at symantec, mcaffee,
>> f-secure, snopes and mactopia but haven�t found information that seems to
>> relate to this particular one yet. Given the apparent current activity
>> (with probably as many as 10 emails with similar text arriving in our inbox
>> over the last couple of days) it may be a new variant. Has anyone else
>> found anything similar?
>>
>> Any help at all would be very welcome. I am delaying sending out a bulletin
>> to a large number of recipients as I would really prefer it not to be
>> infected with a virus.
>
> Is it replacing attachments or does it appear on all outgoing messages? Can
> you "View Source" on a message in your sent items folder to see what appears
> there?
>
> Jud
>
>
> --
> To unsubscribe:
> <mailto:[EMAIL PROTECTED]>
> archives:
> <http://www.mail-archive.com/entourage-talk%40lists.letterrip.com/>
> old-archive:
> <http://www.mail-archive.com/entourage-talk%40lists.boingo.com/>
>
--
To unsubscribe:
<mailto:[EMAIL PROTECTED]>
archives:
<http://www.mail-archive.com/entourage-talk%40lists.letterrip.com/>
old-archive:
<http://www.mail-archive.com/entourage-talk%40lists.boingo.com/>
