Re: New virus?

[Sean Earp <smearp () mac com>]

To quote the Symantec write-up (FWIW they have some great screen shots 
of the virus email and installation/infection) at 
<http://www.sarc.com/avcenter/venc/data/w32.swen.a () mm html>

"The worm can also impersonate mail delivery failure notices, attaching 
itself as a randomly named executable.

One example is:

I'm sorry I wasn't able to deliver your message to one or more 
destinations."



On Friday, September 19, 2003, at 09:00 AM, 
full-disclosure-request () lists netsys com wrote:

> Yes, it's swan virus.
>
> --
> Eero
>
> If you meant swen, this doesn't look like swen. Nothing mentioning
> micro$oft
>
> The test of the email is :
> > Hi.
> > I'm sorry to have to inform you that I wasn't able to deliver your
> > message to the following addresses:
> >
> >
> >
> > Undelivered message to rlfblncx () bigfoot net

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html