
[IP] New Horizons in spam and virii





Begin forwarded message:

From: hal@xxxxxxxxxxxxxx
Date: August 9, 2004 5:15:43 PM EDT
To: dave@xxxxxxxxxx
Subject: Re: [IP] New Horizons in spam and virii

(P.S. -- I've also gotten several copies of an unidentified
virus that says "new price" - the payload has the name
price.zip or price2.zip.)

I also got the price.zip file -- it contains two files, one
called price.exe and one called price.html.  Checked with the
folks at CERT and they said they've only had reports on the
virus in the last couple of days and they're examining a
sample that was sent to them.  They're still not sure what it
does but said the html file seems to be some sort of
javascript that activates the .exe file.  Couldn't find
anything about it doing a general Google search or a Google
search on both the F-Prot and TrendMicro sites.

If anyone has any more info on this particular bit of
mischief, I'd be interested to hear it.

---- Original message ----
Date: Mon, 9 Aug 2004 16:26:35 -0400
From: David Farber <dave@xxxxxxxxxx>
Subject: [IP] New Horizons in spam and virii
To: Ip <ip@xxxxxxxxxxxxxx>



Begin forwarded message:

From: Dana Blankenhorn <dana@xxxxxxxxxx>
Date: August 9, 2004 3:51:39 PM EDT
To: dave@xxxxxxxxxx
Subject: New Horizons in spam and virii

I remember last week's thread on spoofing, which started with
your complaint about someone taking your name in vain.

Well, here's a new one.

This one just came in "from" one of my e-mail addresses,
addressed "to" the other one. As I may have mentioned, I've
generally blacklisted myself because I'm so often spoofed.

A quick glance with Mailwasher showed that, had this gotten
into Outlook Express, it would have displayed a picture called
"joasqfnhjt.bmp" and then initiated a file called "Readme.zip"
that looks nasty indeed.

Following is the complete header. The moral is "Be Very
Careful Out There."

Note that the "Vickybrazel.org" domain doesn't exist.

Return-Path: <danablankenhorn@xxxxxxxxxxxxxx>
Received: from VICKYBRAZEL.org ([216.151.44.14])
        by a-clue.com (8.11.6/8.11.6) with SMTP id i79JgY900748
        for <dana@xxxxxxxxxx>; Mon, 9 Aug 2004 13:42:35 -0600
Date: Mon, 09 Aug 2004 14:47:57 -0600
To: "Dana" <dana@xxxxxxxxxx>
From: "Danablankenhorn" <danablankenhorn@xxxxxxxxxxxxxx>
Subject: Re: Document
Message-ID: <hqtthcpjpiyfvkijxyn@xxxxxxxxxx>
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------lgwwxmsenvleqajvlwwe"
X-Spam-Status: No, hits=2.9 required=5.0
        tests=HTML_30_40,HTML_IMAGE_ONLY_02,HTML_MESSAGE,MIME_HTML_ONLY
        version=2.52
X-Spam-Level: **
X-Spam-Checker-Version: SpamAssassin 2.52
        (1.174.2.8-2003-03-24-exp)
X-UIDL: L9M!!#[=!!pSO!!C+G"!
Status: U

(P.S. -- I've also gotten several copies of an unidentified
virus that says "new price" - the payload has the name
price.zip or price2.zip.)

-------------------------------------
You are subscribed as hal@xxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at:
http://www.interesting-people.org/archives/interesting-people/
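
The header quoted in the thread can be checked mechanically; the following is an added example, not part of the original e-mails. It flags a HELO name that does not resolve, one of the recipient's own addresses arriving from an outside host, and a Date header later than the receiving server's timestamp. Assumptions: the addresses are example.* placeholders (the archive redacts the real ones), and `analyze`, `dns_resolves`, `own_domains`, `trusted_ips` and the finding labels are hypothetical names.

```python
import re
import socket
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample modelled on the header quoted in the thread. The archive
# redacts the real addresses, so example.* placeholders stand in for them.
SAMPLE = """\
Return-Path: <danab@mail.example.net>
Received: from VICKYBRAZEL.org ([216.151.44.14])
        by mx.example.com (8.11.6/8.11.6) with SMTP id i79JgY900748
        for <dana@example.com>; Mon, 9 Aug 2004 13:42:35 -0600
Date: Mon, 09 Aug 2004 14:47:57 -0600
To: "Dana" <dana@example.com>
From: "Danab" <danab@mail.example.net>
Subject: Re: Document

"""

def dns_resolves(name):
    """Live lookup; pass a stub instead when working offline."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:
        return False

def analyze(raw, own_domains, trusted_ips, resolves=dns_resolves, max_skew_s=600):
    """Return (helo_name, peer_ip, findings) for the topmost Received hop."""
    msg = message_from_string(raw)
    received = " ".join((msg["Received"] or "").split())  # unfold the header
    hop = re.search(r"from\s+(\S+)\s+\(\[([0-9.]+)\]\)", received)
    if hop is None:
        return None, None, ["unparseable-received"]
    helo, ip = hop.groups()
    findings = []
    if not resolves(helo):  # the name the sending host announced has no DNS record
        findings.append("helo-name-does-not-resolve")
    from_domain = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    if from_domain in own_domains and ip not in trusted_ips:
        findings.append("own-domain-sender-from-external-host")
    stamped = parsedate_to_datetime(received.rpartition(";")[2].strip())
    claimed = parsedate_to_datetime(msg["Date"])
    if (claimed - stamped).total_seconds() > max_skew_s:  # Date is after receipt
        findings.append("date-header-after-receipt")
    return helo, ip, findings

if __name__ == "__main__":
    print(analyze(SAMPLE, {"example.com", "mail.example.net"}, set(), lambda n: False))
```
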
