On Tue, 24 Jul 2001 06:00:32 -0400 (EDT), Stew Benedict wrote:
>Luckily perhaps, pine doesn't even want to extract the attachment to save
>it ;^) The return address was the same each time, but the attachment
>differed:
>
>2000-04.doc.com
>2000-04.doc.lnk
The subject line and attachment names are randomized, some what, by the
bug, before sending. Also the pley to address is probably not any
good, one or more characters are usually altered so the victim doesn't
find out about the infect as quickly. Nasty business. Spent 4 hours
doing battle with Magistra at a clients office yesterday. Got 5
machines before we stopped it. Fotunately, the nast payloads don't
deploy quickly on that bug. Seems McAfees AV software isn't real good
at catching the damned things while downloading. It only caught it
after the requisite 20 files, 21 with the original file, was attempted
to be accessed on the reboot, sets itself up in Win.ini with a run
command. Didn't save one for the zoo, so I'm looking for Sircam if it
shows up....
stayler
_______________________________________________
http://linux.nf -- [EMAIL PROTECTED]
Archives, Subscribe, Unsubscribe, Digest, Etc
->http://linux.nf/mailman/listinfo/linux-users
