RE: [ok] Possible Virus/Trojan

["Todd Towles" <toddtowles () brookshires com>]

It is a very smooth idea if it is a new e-mail worm. I haven't been able to
find any information from any AV companies on something like this. If it is
some kiddie trying to be smooth with me, this could be a new technique to
come.

-----Original Message-----
From: Andrew Farmer [mailto:andfarm () teknovis com] 
Sent: Sunday, July 25, 2004 6:06 PM
To: Curt Purdy
Cc: 'Mailing List - Full-Disclosure'; 'Todd Towles'
Subject: Re: [ok] [Full-disclosure] Possible Virus/Trojan

On 25 Jul 2004, at 12:06, Curt Purdy wrote:
> Todd Towles  wrote:
> > I received an e-mail today that looked very much like a virus. Here 
> > is the message
> >
> > Attachment - erupts.avi.exe
>
> > Subject - New Southern California wildfire erupts
>
> <snip>
>
> > Either this is a new Trojan that changes it body and subject based on 
> > the current  AP  news or someone used a very lame trick against me. 
> > =)
>
> I'm guessing the latter.  Although story scraping would be possible,
> intellegent naming of the .exe would not be.  Most likely a friend... 
> or
> enemy.

Sure it would be. In this case, at least, the executable is just named 
based on the last word of the headline plus ".avi.exe".

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html