On Sun, 2004-05-16 at 22:06 +0100, James Ascroft-Leigh wrote: > On Sun, 2004-05-16 at 08:47 -0500, Ron Johnson wrote: > > On Sun, 2004-05-16 at 13:30 +0100, James Ascroft-Leigh wrote: > > > On Sat, 2004-05-15 at 20:15 -0500, Ron Johnson wrote: > > > > On Sun, 2004-05-16 at 00:25 +0100, James Ascroft-Leigh wrote: > > > > > All, > > > > > > > > > > On Fri, 2004-05-14 at 09:57 +0900, [EMAIL PROTECTED] wrote: > > > > > > If the message will not displayed automatically, > > > > > > follow the link to read the delivered message. > > > > > > > > > > > > Received message is available at: > > > > > > www.ximian.com/inbox/evolution/read.php?sessionid-8463 > > > > > > > > > > > > > > > > I am using the 1.5.7 build from Debian unstable + experimental. The > > > > [snip] > > > > > > > > Did you get this email privately, or via the ML? This reminds me of > > > > the social engineering I've seen on some recent viruses. > > > > > > It appeared to come from the evolution mailing list but, of course, that > > > may be forged. Another likely explanation is that some virus scanner > > > quarantined it. > > > > That's what the social engineer wants you to think. Do a "Show > > Email Source" on the original mail, and I bet that the ximian.com > > "link" is really a phony, that runs a virus, or sends you to a > > different website. > > I have looked at the source and I know the link points to a mime part > with the mime type audio/x-wav but the name indicates a Microsoft > Windows screen-saver (message.scr). > > What worries me is that this message is: > > * Not displayed as having an attachment (no paper-clip icon) in > Evolution. > * Causes Evolution to crash. > > > > If other people have not seen it I can obfuscate the > > > message to get it around the scanners and repost. > > You obviously have not seen the message I am referring to so I have > attached it.
I must have been ambiguous when I said "This reminds me of the social engineering I've seen on some recent viruses." The reason I've seen them is because I've received them. That's how I know it's good (but not good enough!) social engineering.... And it didn't crash my Evo because I was suspicious, and first looked at the email source. Then deleted it... > The file is obfuscated by combining the original email > source as one stream and an infinite stream of "guessmeguessme" with a > bit-by-bit exclusive or operation. I am not to blame if somebody > manages to infect themselves. Microsoft Windows users beware - THE > ATTACHMENT CONTAINS A VIRUS. -- Ron Johnson <[EMAIL PROTECTED]> _______________________________________________ evolution maillist - [EMAIL PROTECTED] http://lists.ximian.com/mailman/listinfo/evolution
