[IP] New Virus (or Variant) Apparently Spreading

To: Ip <ip@xxxxxxxxxxxxxx>
Subject: [IP] New Virus (or Variant) Apparently Spreading
From: David Farber <dave@xxxxxxxxxx>
Date: Wed, 8 Dec 2004 12:28:32 -0500
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
Reply-to: dave@xxxxxxxxxx
Sender: owner-ip@xxxxxxxxxxxxxx



Begin forwarded message:

From: Lauren Weinstein <lauren@xxxxxxxxxx>
Date: December 8, 2004 12:13:19 PM EST
To: dave@xxxxxxxxxx
Subject: New Virus (or Variant) Apparently Spreading


Dave,

FYI. I'm seeing what appears to be a new virus here -- a cleanedsample isbelow. It may just be an offshoot or variation of some existing virus,butit's interesting in that it not only claims to come from variousdifferentdomains (in this example "hotmail"), but also provides a generated URLtothose domains for "more info" (which may lend the messages morecredence in

the eyes of some recipients).

You'll note that it also includes a handy spelling error for
scanning checks ("Occured_Errors" [sic]).

--Lauren--
Lauren Weinstein
lauren@xxxxxxxx or lauren@xxxxxxxxxx or lauren@xxxxxxxxxxxxxxxx
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
http://www.vortex.com

Co-Founder, PFIR - People For Internet Responsibility -http://www.pfir.org

Co-Founder, Fact Squad - http://www.factsquad.org
Co-Founder, URIICA - Union for Representative International Internet
                     Cooperation and Analysis - http://www.uriica.org
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://www.vortex.com/lauren-blog

------- Forwarded Message

Return-Path: Error_Mail@xxxxxxxxxxx
Delivery-Date: Wed Dec  8 03:41:22 2004
Return-Path: <Error_Mail@xxxxxxxxxxx>
Received: from fqbnq.com ([204.244.209.152])
From: Error_Mail@xxxxxxxxxxx
Date: Wed, 08 Dec 2004 11:38:45 GMT
Subject: FwD: mail delivery system <SMTP:8165>

This is a multi-part message in MIME format.

- --b9102e1cb2eec4

This mail was generated automatically.
More info about --HOTMAIL-- under: http://www.hotmail.com

- -------
Occured_Errors:

170.200.95.118_does_not_like_sender.
# 238: Giving_up_on_170.200.95.118.
# 463: This_account_has_been_disabled_[#188].
# 483: Remote_host_said:_delivery_error

End
- -------

The corrected mail is attached.

Auto_Mail.System: [hotmail]
- - --b9102e1cb2eec4

Content-Type: application/octet-stream;name=auto__mail.hotmail4072.TXT.pif

Content-Transfer-Encoding: base64

Content-Disposition: attachment;filename="auto__mail.hotmail4072.TXT.pif"


 ...

-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] more on "Fiscal 2005 spending bill addresses privacy issues"
Next by Date: [IP] more on "Fiscal 2005 spending bill addresses privacy issues"
Previous by thread: [IP] more on "Fiscal 2005 spending bill addresses privacy issues"
Next by thread: [IP] Just wait till we get automatic system upgardes over the net (mandatory) djf Report says "Government department wiped out by IT upgrade disaster"
Index(es):
- Date
- Thread