RE: [ok] Possible Virus/Trojan

["Todd Towles" <toddtowles () brookshires com>]

It is a good idea but if it was a new version of a e-mail virus, we will be
seeing it all over the place by now. 

I don't have a copy of the exe, it was deleted off the server before I could
get someone to save it. I have it on my client but Outlook is blocking it.
There may be a way of getting it out of Outlook but I am not sure if it is
worth the effort. Therefore I don't have the ability to dissemble it. 

I was the only person in the company to get this type of e-mail which is
very odd, but I did get the very cool MyDoom.0 today as well.

-Todd

-----Original Message-----
From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu] 
Sent: Monday, July 26, 2004 3:19 PM
To: Curt Purdy
Cc: 'Todd Towles'; 'Mailing List - Full-Disclosure'
Subject: Re: [ok] [Full-disclosure] Possible Virus/Trojan 

On Sun, 25 Jul 2004 14:06:55 CDT, Curt Purdy <purdy () tecman com>  said:

> I'm guessing the latter.  Although story scraping would be possible,
> intellegent naming of the .exe would not be.  Most likely a friend... or
> enemy.

http://www.cnn.com/2004/WEATHER/07/26/new.mexico.flooding.ap/index.html
"Rain floods New Mexico".

http://www.cnn.com/2004/SHOWBIZ/Movies/07/26/halle.berry.ap/index.html
"Halle Berry falls for feline co-star"

Looks pretty easy to scrape the URL for a useful name... and if you've
already
scraped the story, you probably HAVE the URL you scraped it from... ;)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html