Security Incidents mailing list archives
RE: Help: Weird email received & E-Safe Alert
From: "Fernando Cardoso" <fernando.cardoso () whatevernet com>
Date: Thu, 4 Oct 2001 19:01:39 +0100
If I have to guess about the mail, I would say it was Magistr virus. In certain circumstances, Magistr mangles the mail it tries to send, making this garbage you received. The Subject and body is taken from a random document on the infected box. It can be anything, from a Word Document to a text file, so the theory that is a RTF file is probably correct. Cheers Fernando -- Fernando Cardoso - Security Consultant WhatEverNet Computing, S.A. Phone : +351 21 7994200 Praca de Alvalade, 6 - Piso 6 Fax : +351 21 7994242 1700-036 Lisboa - Portugal email : fernando.cardoso () whatevernet com http://www.whatevernet.com/
1) We received an email from someone else with only the following in the mail: ################################################################## ####################### <snip> Sent: Friday, September 28, 2001 3:04 PM Subject: Be sure to answer. \par }\pard \qj\widctlpar{\*\pn \pnlvlcont\pndec }{\fs24\lang2057 \par {\pntext\pard\plain\f1 \'b7\tab}}\pard \qj\fi-283\li283\widctlpar{\*\pn \pnlvlblt\pnf1\pnindent283 {\pntxtb \'b7}}{\fs24\lang2057 Create a new file. \par }\pard \qj\widctlpar{\*\pn \pnlvlcont\pndec }{\fs24\lang2057 \par The new command \ldblquote Scan Text\rdblquote has been added to the \ldblquote File\rdblquote menu. \par \par \par }{\b\fs30\lang2057 C. Excel 2000 (Office 2000) and Excel 97 (Office 97) \par }{\fs24\lang2057 \par Start Excel. ################################################################## ######################## My questions are : - WTF is this ? or What was it suppose to be ? - What does the above code try to do ? I suppose this couldve just been an accident, I haven't mailed the sender for his input yet. Just thought I'll add it into the email along with my other question.
_____________________________________________________________________ INTERNET MAIL FOOTER A presente mensagem pode conter informação considerada confidencial. Se o receptor desta mensagem não for o destinatário indicado, fica expressamente proibido de copiar ou endereçar a mensagem a terceiros. Em tal situação, o receptor deverá destruir a presente mensagem e por gentileza informar o emissor de tal facto. --------------------------------------------------------------------- Privileged or confidential information may be contained in this message. If you are not the addressee indicated in this message, you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. --------------------------------------------------------------------- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Help: Weird email received & E-Safe Alert root (Oct 04)
- Re: Help: Weird email received & E-Safe Alert Valdis . Kletnieks (Oct 04)
- RE: Help: Weird email received & E-Safe Alert Fernando Cardoso (Oct 04)
- <Possible follow-ups>
- Re: Help: Weird email received & E-Safe Alert Bill_Royds (Oct 04)