Security Incidents mailing list archives
Re: New worm? 'readme.eml'
From: "Christopher X. Candreva" <chris () westnet com>
Date: Tue, 18 Sep 2001 11:46:48 -0400 (EDT)
On Tue, 18 Sep 2001, Pedro Miller Rabinovitch wrote:
I've inspected the executable code, and it reads like a worm. (doh) Has anyone seen this?
I just got a readme.exe e-mail to me from a dsl.net IP address a few minutes ago. Odd thing is it sends it's Content-type as audio/x-wav I've added the following to filter it in procmail: :0 B * >50000 * <90000 * ^Content-Type: audio/x-wav; * ^ name="readme.exe" YourVirustrapHere ========================================================== Chris Candreva -- chris () westnet com -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- New worm? 'readme.eml' Pedro Miller Rabinovitch (Sep 18)
- Re: New worm? 'readme.eml' Christopher X. Candreva (Sep 18)
- Re: New worm? 'readme.eml' Tony Abedini (Sep 18)
- <Possible follow-ups>
- Re: New worm? 'readme.eml' coop (Sep 18)
- RE: New worm? 'readme.eml' Mark Ng (Sep 18)
- Re: New worm? 'readme.eml' Christopher X. Candreva (Sep 18)