Security Incidents mailing list archives
New email virus? [Free eurocalculator!!!]
From: Rik van Riel <riel () CONECTIVA COM BR>
Date: Tue, 3 Oct 2000 14:40:38 -0300
Hi, I've just gotten this spam, which contains the attachement "eurocalculator.exe". Since I don't have any windows machines around and know better than to execute random scripts I get, I've limited myself to running strings on the file and I got the following (and more): --> Version: Back Orifice 2000 (BO2K) v%1.1u.%1.1u ... Rebooting now. Reboot attempt failed. Locking up machine ... %.100s [%.100s] (%.260s) "%.100s" RO passwd:%.100s RW passwd:%.100s %s%s%s%s and a bit further along the file a whole bunch of HTML crap (is this standard BO2K or a custom thing for this one??): <head><title>Network Neighborhood</title></head> .... I also found a whole bunch of SMTP related strings, but maybe those are BO2K related too. ------------------------- In short, it seems that somebody is doing yet another attempt at spreading BO2K through email ... possibly with the script spreading itself, but I've only done a quick view of the file and haven't looked at it in any detail ;) regards, Rik -- "What you're running that piece of shit Gnome?!?!" -- Miguel de Icaza, UKUUG 2000 http://www.conectiva.com/ http://www.surriel.com/ ---------- Forwarded message ---------- Date: Tue, 03 Oct 2000 17:15:15 GMT From: Euro bank <euro_bank () hotmail com> To: aephe () hotmail com Subject: Free eurocalculator!!! You got a free eurocalculator send to you by Euro_bank An introduction to the Euro! Enjoy!! _________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com.
Current thread:
- New email virus? [Free eurocalculator!!!] Rik van Riel (Oct 03)