OT: Virus warning
Off-topic, I know, and I apologize for that in advance.

Today I received two emails, both with forged headers. One appeared to come from Pudge (Chris Nandor), and the other from Matthias Neeracher. Both included virus attachments.

Someone is apparently targeting a virus towards MacPerl developers, and their approach is both clever and stupid at the same time. Obviously, the message is more likely to appeal to its target audience than any of the many Important Windows Update! messages I receive daily. On the other hand, the attachment is a .exe file... ;-)

sherm--

Re: OT: Virus warning
In article [EMAIL PROTECTED], [EMAIL PROTECTED] (Sherm Pendley) wrote:

> Off-topic, I know, and I apologize for that in advance.
>
> Today I received two emails, both with forged headers. One appeared to come from Pudge (Chris Nandor), and the other from Matthias Neeracher. Both included virus attachments.
>
> Someone is apparently targeting a virus towards MacPerl developers, and their approach is both clever and stupid at the same time. Obviously, the message is more likely to appeal to its target audience than any of the many Important Windows Update! messages I receive daily. On the other hand, the attachment is a .exe file... ;-)

I don't know who is being targeted, but I got a ton from Matthias and Jarkko (about 50 between the two addresses).

--
Chris Nandor [EMAIL PROTECTED] http://pudge.net/
Open Source Development Network [EMAIL PROTECTED] http://osdn.com/

Re: OT: Virus warning
On Sunday, January 18, 2004, at 09:58 PM, Chris Nandor wrote:

> I don't know who is being targeted, but I got a ton from Matthias and Jarkko (about 50 between the two addresses).

My boss got a copy which had a forged from of [EMAIL PROTECTED]. They look like junk faxers, which is neither here nor there.

Since we (My employer and I) are in the business of tracking down 'net abusers, we've both taken the liberty of dumping the .exe into a hex editor, and comparing notes. Thanks to Sherm Pendley for forwarding his copy, as I tend not to get these things directly.

It's a two-stage worm. The initial .exe is quite small, contains an SMTP engine for sending itself, and pulls addresses from the victim's address book for both new victims and forged From:. Clearly some infected person has Chris, Matthias and Jarkko in their address book, and likely others.

Stage two is a file beagle.exe which stage one grabs from a list of cracked servers running a PHP script 1.php. I've not examined this .exe yet, but I have a fair idea what it does.

The rest of this is phenomenally boring, unless you do it for pay, so at this point I return you to your regularly scheduled Mac OS X Perl discussion.

--B

Re: OT: Virus warning
On Sunday, January 18, 2004, at 10:34 PM, Brian McNett wrote:

> The rest of this is phenomenally boring, unless you do it for pay, so at this point I return you to your regularly scheduled Mac OS X Perl discussion.

Oh... Symantec is calling it [EMAIL PROTECTED]. Just discovered today.

http://www.symantec.com/avcenter/vinfodb.html

--B
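
Added example, not part of the original thread or written by any of its posters: a minimal mail-filter check in Python for the pattern described above, where From: is forged from a victim's address book and the payload is a .exe attachment. The function names, extension list and sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows will execute on double-click (illustrative, not exhaustive).
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def executable_attachments(raw):
    """Return [(filename, reason)] for MIME parts that look like Windows executables."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if data[:2] == b"MZ":                      # DOS/PE magic survives a rename
            hits.append((name, "MZ header"))
        elif name.lower().endswith(EXEC_EXTS):
            hits.append((name, "executable extension"))
    return hits

def verdict(raw):
    # From: is never consulted: the worm forges it from the victim's address book,
    # so a familiar sender says nothing about whether the message is safe.
    return "quarantine" if executable_attachments(raw) else "deliver"

def build_sample(sender, filename, data):
    """Constructed test message; addresses and contents are made up."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "list@example.org"
    m["Subject"] = "Hi"
    m.set_content("Test =)")
    m.add_attachment(data, maintype="application", subtype="octet-stream",
                     filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    known = "Known Contributor <dev@example.org>"  # constructed, familiar-looking sender
    for fname, blob in [("update.exe", b"MZ\x90\x00constructed"),
                        ("readme.txt", b"MZ\x90\x00constructed"),
                        ("notes.txt", b"plain text")]:
        print(fname, verdict(build_sample(known, fname, blob)))
```

Checking the leading bytes as well as the filename catches an executable that has been renamed to an innocuous extension.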