Security Incidents mailing list archives
Re: Headerless EMail
From: Mark Ackermans <mack-NO- () -SPAM-KABELFOON NL insecure org>
Date: Sun, 21 Jan 2001 20:06:45 +0100
Hello Attonbitus, Attonbitus Deus wrote:
What was the thread on the email with no headers? I looked in the archives but could not find anything. The response was that the sender must have sent the mail directly from the user's mail server... Anyone remember? I ask because I just got sent one myself, with the following file attached: MEPOJPME.EXE with no name and no headers other than this:
(...) This looks like the product of a widespread worm called W32/Hybris-B. Some forms of this virus send itself without specifying the sender.
This was sent directly to me, and the bad part is that they got the email address from one the SF lists that I participate in. Nowhere else have I ever used this email address.
Someone using that list probably got his computer infected. The worm intercepts e-mail addresses from a patched wsock32.dll. http://www.datafellows.com/v-descs/hybris.shtml
Current thread:
- Headerless EMail Attonbitus Deus (Jan 21)
- Re: Headerless EMail Mark Ackermans (Jan 22)
- <Possible follow-ups>
- Re: Headerless EMail Forrester, Mike (Jan 22)