Full Disclosure mailing list archives
Re: New virus?
From: Sean Earp <smearp () mac com>
Date: Fri, 19 Sep 2003 12:31:53 -0700
To quote the Symantec write-up (FWIW they have some great screen shots of the virus email and installation/infection) at <http://www.sarc.com/avcenter/venc/data/w32.swen.a () mm html>
"The worm can also impersonate mail delivery failure notices, attaching itself as a randomly named executable.
One example is:I'm sorry I wasn't able to deliver your message to one or more destinations."
On Friday, September 19, 2003, at 09:00 AM, full-disclosure-request () lists netsys com wrote:
Yes, it's swan virus. -- Eero If you meant swen, this doesn't look like swen. Nothing mentioning micro$oft The test of the email is :Hi. I'm sorry to have to inform you that I wasn't able to deliver your message to the following addresses: Undelivered message to rlfblncx () bigfoot net
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: New virus? Sean Earp (Sep 19)