This actually scored fairly low in SA because it didn't do anything "spammy" [no opt-out links, embedded tags, onerous HTML, etc.] but then, SA "doesn't do" viruses :) so I'm not all that surprised. I only mention it here because of something alluded to in the thread "[EMAIL PROTECTED]: bounce 'no such user'" -- intentional bounces to catch the curious cats...
In any case, it is one to watch for [or rather, to watch for your friends running "that rather susceptible system"] If it weren't so insidious, it would be pure beauty... It comes with the subject: "RE: Submit a virus sample" and purports to be FROM symantec. Ok, fair enough -- this might be a response you would get if you submitted something via an automated e-mail address and/or web form; doesn't raise any suspicion [other than the fact I've never in my life knowingly "submitted a sample" to an anti-virus site...] The text reads: The sample file you sent contains a new virus version of ... [I suspect the name is irrelevant, but in this case it was buppa.k.] Please update your scanner with the attached dat file [a .zip file...] and the icing on the cake is the name of the .zip file: signature_osnut.zip -- almost as if I were receiving a personalized "virus signature file", how quaint :) [can I drip any more sarcasm on this?] The zip file, of course, is one of those "double extension" jobs -- whatever.dat.scr -- with "a whole lot of spaces" before the final .scr. Almost makes me want to have a windows system around here to check it out upon... NOT! :) :) :) -- Top o' the Blog: Google Nirvana gone bye-bye? http://osnut.homelinux.net/mtblog/ya_index.html
pgptYBL0fq1Fd.pgp
Description: signature
