Security Incidents mailing list archives

Re: New Worm similar to BadTrans.B?


From: zeno <bugtraq () cgisecurity net>
Date: Wed, 28 Nov 2001 09:30:51 -0500 (EST)

I've been getting .pif, .exe, .mp3 and .scr also. Maybe 15 today alone.
All with the same MIME type you describe.

- zeno () cgisecurity com



Mailer: SecurityFocus

Hi,

our company has received some e-mails containing 
some attachments (all of them as mime-type 
audio/wav) like:
IS_LINUX_GOOD_ENOUGHX.TXT.pif
MATRiX_2_is_OUT.SCR

But the filesize differs from the BadTrans.B worm 
which we also received. Interesting output of 
"strings IS_LINUX_GOOD_ENOUGHX.TXT.pif":

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
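
The indicator reported in this thread (an attachment declared as audio/wav whose filename ends in .pif, .scr or .exe) can be checked for at a mail gateway or over a mailbox dump. The following is an added example, not part of the original posts; the function name, the extra extensions and the sample message are constructed for illustration.

```python
import email
import os
from email import policy

# Extensions Windows runs directly; .pif, .scr and .exe are named in the thread,
# .com and .bat are added here as an assumption.
EXECUTABLE_EXTS = {".pif", ".scr", ".exe", ".com", ".bat"}
# Top-level MIME types that should never carry an executable payload.
MEDIA_TYPES = {"audio", "image", "video", "text"}

def flag_mismatched_attachments(raw_bytes):
    """Return (filename, declared_type) for every part whose declared type is
    media/text but whose final filename extension is executable."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if part.is_multipart() or not name:
            continue
        # Only the last extension matters: "X.TXT.pif" is a .pif file.
        ext = os.path.splitext(name)[1].lower()
        if ext in EXECUTABLE_EXTS and part.get_content_maintype() in MEDIA_TYPES:
            hits.append((name, part.get_content_type()))
    return hits

# Constructed sample message: two suspicious parts and one benign .wav.
SAMPLE = b"""\
From: sender@example.invalid
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: audio/wav
Content-Disposition: attachment; filename="IS_LINUX_GOOD_ENOUGHX.TXT.pif"

AAAA
--b1
Content-Type: audio/wav
Content-Disposition: attachment; filename="MATRiX_2_is_OUT.SCR"

AAAA
--b1
Content-Type: audio/wav
Content-Disposition: attachment; filename="greeting.wav"

AAAA
--b1--
"""

if __name__ == "__main__":
    for name, ctype in flag_mismatched_attachments(SAMPLE):
        print(f"declared {ctype} but named {name}")
```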

