Full Disclosure mailing list archives

Re: Right-wing computer virus


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 08 Jul 2003 01:49:37 +1200

"Richard M. Smith" <rms () computerbytesman com> wrote:

> I just received the attached email message.  The original message
> contained an attached file with a computer virus in it.  ...

_Which_ computer virus?

You know, depending how you count there are arguably anywhere between
about 10,000 and 100,000 computer viruses, so that statement is
exceedingly devoid of meaningful content...

Even limiting ourselves to self-mailing viruses, there are many 
thousands to choose from, so the above still stands.

> ...  The message
> attempts to trick people into running the virus to learn how "dangerous"
> Richard Perle, Ann Coulter, and Michael Savage are.  ...

Doesn't look like that to me at all.

In fact, it looks an awful lot like many currently somewhat common mass-
mailers that not only collect Email addresses from all manner of files 
likely to contain such, but also randomly snag snippets of "text" from 
the same files (or specifically from existing Email messages) to use in 
their messages.  Note how the "message" ends mid-word?  (Well, after 
one letter...)  That is common of several such viruses...

> ... Victims are of
> course going to learn a much different lesson:  Don't click on file
> attachments!

Unlikely -- folk dumb enough to run such things are what keep you and I 
in business and it seems exceedingly unlikely they will stop 
fornicating with each other any time soon...

> The full name of the virus file is "THANK YOU FOR YOUR TIME.eml.exe".

Again, quite likely randomly "stolen" from the victim machine.

Again, quite common among currently common viruses.

And how many times do I have to say that file names per se are 
exceedingly poor "symptoms" to report, especially if they are the only 
symptom reported?


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

