Begin forwarded message:
From: [EMAIL PROTECTED]
Date: August 9, 2004 5:15:43 PM EDT
To: [EMAIL PROTECTED]
Subject: Re: [IP] New Horizons in spam and virii
(P.S. -- I've also gotten several copies of an unidentified virus that says "new price" - the payload has the name price.zip or price2.zip.)
I also got the price.zip file -- it contains two files, one called price.exe and one called price.html. Checked with the folks at CERT and they said they've only had reports on the virus in the last couple of days and they're examining a sample that was sent to them. They're still not sure what it does but said the html file seems to be some sort of javascript that activates the .exe file. Couldn't find anything about it doing a general Google search or a Google search on both the F-Prot and TrendMicro sites.
If anyone has any more info on this particular bit of mischief, I'd be interested to hear it.
---- Original message ----
Date: Mon, 9 Aug 2004 16:26:35 -0400
From: David Farber <[EMAIL PROTECTED]>
Subject: [IP] New Horizons in spam and virii
To: Ip <[EMAIL PROTECTED]>

Begin forwarded message:
From: Dana Blankenhorn <[EMAIL PROTECTED]>
Date: August 9, 2004 3:51:39 PM EDT
To: [EMAIL PROTECTED]
Subject: New Horizons in spam and virii

I remember last week's thread on spoofing, which started with your complaint about someone taking your name in vain.
Well, here's a new one.
This one just came in "from" one of my e-mail addresses, addressed "to" the other one. As I may have mentioned, I've generally blacklisted myself because I'm so often spoofed.
A quick glance with Mailwasher showed that, had this gotten into Outlook Express, it would have displayed a picture called "joasqfnhjt.bmp" and then initiated a file called "Readme.zip" that looks nasty indeed.
Following is the complete header. The moral is "Be Very Careful Out There."
Note that the "Vickybrazel.org" domain doesn't exist.

Return-Path: <[EMAIL PROTECTED]>
Received: from VICKYBRAZEL.org ([216.151.44.14]) by a-clue.com (8.11.6/8.11.6) with SMTP id i79JgY900748 for <[EMAIL PROTECTED]>; Mon, 9 Aug 2004 13:42:35 -0600
Date: Mon, 09 Aug 2004 14:47:57 -0600
To: "Dana" <[EMAIL PROTECTED]>
From: "Danablankenhorn" <[EMAIL PROTECTED]>
Subject: Re: Document
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--------lgwwxmsenvleqajvlwwe"
X-Spam-Status: No, hits=2.9 required=5.0 tests=HTML_30_40,HTML_IMAGE_ONLY_02,HTML_MESSAGE,MIME_HTML_ONLY version=2.52
X-Spam-Level: **
X-Spam-Checker-Version: SpamAssassin 2.52 (1.174.2.8-2003-03-24-exp)
X-UIDL: L9M!!#[=!!pSO!!C+G"!
Status: U

(P.S. -- I've also gotten several copies of an unidentified virus that says "new price" - the payload has the name price.zip or price2.zip.)
------------------------------------- You are subscribed as [EMAIL PROTECTED] To manage your subscription, go to http://v2.listbox.com/member/?listname=ip
Archives at:
http://www.interesting-people.org/archives/interesting-people/
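
An added example, not part of the original messages: a header check for the self-addressed spoof described in the thread, flagging mail that claims one of the recipient's own domains while the relay announced a different name, and a Date header later than the receiving server's timestamp (both are visible in the quoted header). The addresses are redacted on the page, so the `recipient.example` addresses, the `own_domains` parameter and the 5-minute skew threshold are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample shaped like the header quoted in the thread. The page
# redacts the addresses, so the recipient.example ones are placeholders.
SAMPLE = """\
Return-Path: <user1@recipient.example>
Received: from VICKYBRAZEL.org ([216.151.44.14]) by a-clue.com (8.11.6/8.11.6)
\twith SMTP id i79JgY900748 for <user2@recipient.example>;
\tMon, 9 Aug 2004 13:42:35 -0600
Date: Mon, 09 Aug 2004 14:47:57 -0600
To: "Dana" <user2@recipient.example>
From: "Danablankenhorn" <user1@recipient.example>
Subject: Re: Document
"""

def domain(addr_header):
    # Domain part of the address in a From/To style header, lower-cased.
    return parseaddr(addr_header or "")[1].rpartition("@")[2].lower()

def spoof_indicators(raw, own_domains):
    """Return a list of reasons the header looks forged (empty if none)."""
    msg = message_from_string(raw)
    received = msg.get_all("Received") or []
    if not received:
        return ["no Received header"]
    top = " ".join(received[0].split())  # unfold; assumed to be our own MTA's stamp
    helo = re.match(r"from\s+(\S+)", top)
    helo_name = helo.group(1).lower() if helo else ""
    from_dom, reasons = domain(msg["From"]), []
    # 1. Mail claiming one of our own domains should not arrive from an outside relay.
    if from_dom in own_domains and not any(
            helo_name == d or helo_name.endswith("." + d) for d in own_domains):
        reasons.append(f"From domain {from_dom} is ours but relay announced {helo_name}")
    # 2. A Date later than the time our MTA stamped the message is inconsistent.
    try:
        stamp = parsedate_to_datetime(top.rpartition(";")[2].strip())
        skew = (parsedate_to_datetime(msg["Date"]) - stamp).total_seconds()
        if skew > 300:
            reasons.append(f"Date is {int(skew // 60)} min after receipt")
    except (TypeError, ValueError):
        reasons.append("unparseable Date or Received timestamp")
    return reasons
```

Calling `spoof_indicators(SAMPLE, {"recipient.example"})` returns both reasons for the constructed sample; the relay name in a Received line is whatever the sender announced, so a match there is not proof of legitimacy.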
