> Date: Sun, 22 Apr 2001 16:44:39 -0400
> From: "Ken Lin" <[EMAIL PROTECTED]>
> Subject: Re: EOS Attention: Foul apple aboard!
>
> But when I inspected the attachment file (without opening it), it has a .scr
> file extension, which means it's a "script" file, which is kind of like a
> bunch of macro commands.
No, it is a screensaver file.
Those are truely *.exe with another ending, they are
definitely not only scripts but full executables.
> It was one trojan embedded in a *.scr-file, and a program
> call in a *.doc.pif file. Outlook would have shown just
> doc at the end, activated auto preview would have executed it,
> clicking it would have released a program call with extra
> parameters like "deltree windows /y", skipping security
> dialog boxes. So, this has been a deliberate attack.
After clarification about the payload, I stand corrected.
The second wave was just another sign of the same trojan.
I now believe the poor guy is a victim himself. And a
nut to use Outlook.
--
Michael Quack <[EMAIL PROTECTED]> http://www.photoquack.de
*
****
*******
***********************************************************
* For list instructions, including unsubscribe, see:
* http://www.a1.nl/phomepag/markerink/eos_list.htm
***********************************************************
