RE: Hi (fwd)

2004-03-18 Thread Thor Larholm
> From: Matthew Sullivan [mailto:[EMAIL PROTECTED] > It's another varient of Bagle... > > My analysis of it is at: http://www.au.sorbs.net/virus.explain.txt > - since then Symantec has release it's more detailed explaination > under the headings for Bagle.r and Bagle.s This variant tries to e

Re: Hi (fwd)

2004-03-18 Thread Matthew Sullivan
william(at)elan.net wrote: FYI - if you're on windows machine DON'T TRY TO FOLLOW URL in that post Somebody sent me a copy of the content and its vbscript that downloads an image converts it into executable and then probably uses some bug in microshit products to have it executed. I'm not that

Re: Hi (fwd)

2004-03-18 Thread Arnold Nipper
On 18.03.2004 05:47 Suresh Ramasubramanian wrote: william(at)elan.net writes on 3/18/2004 11:03 AM: Me thinks somebody has found a trapdoor in nanog mailsetup and is in general out to get us ... Have you, by any chance, heard of "bcc"? That isn't a bug, that's a feature. Have you, by any

Re: Hi (fwd)

2004-03-17 Thread william(at)elan.net
FYI - if you're on windows machine DON'T TRY TO FOLLOW URL in that post Somebody sent me a copy of the content and its vbscript that downloads an image converts it into executable and then probably uses some bug in microshit products to have it executed. I'm not that good with windows scripti

Re: Hi (fwd)

2004-03-17 Thread Colin Neeson
Interesting, it does respond, albiet sporadically.. It contains the usual stuff... a trojan.. It looks like a variant of Psyme.. *sigh* -colin. On 18/03/2004, at 4:33 PM, william(at)elan.net wrote: Me thinks somebody has found a trapdoor in nanog mailsetup and is in general out to get us

Re: Hi (fwd)

2004-03-17 Thread Suresh Ramasubramanian
william(at)elan.net writes on 3/18/2004 11:03 AM: Me thinks somebody has found a trapdoor in nanog mailsetup and is in general out to get us ... Have you, by any chance, heard of "bcc"? That isn't a bug, that's a feature. -- srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9 manager, ou

Re: Hi (fwd)

2004-03-17 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, "william(a t)elan.net" writes: > > >Me thinks somebody has found a trapdoor in nanog mailsetup and is in >general out to get us ... > >This one supposedely came from 203.18.63.43 (australia powerhous museum - >phm.gov.au) and advertises page on ip 165.134.187.102

Re: Hi (fwd)

2004-03-17 Thread william(at)elan.net
Me thinks somebody has found a trapdoor in nanog mailsetup and is in general out to get us ... This one supposedely came from 203.18.63.43 (australia powerhous museum - phm.gov.au) and advertises page on ip 165.134.187.102 (saint louis univerisity - slu.edu). "Connection refused" when I tried