Security Incidents mailing list archives
Virus? Trojan?
From: "David Gillett" <gillettdavid () fhda edu>
Date: Mon, 30 Dec 2002 14:03:18 -0800
So far today, I've received two email messages from kbl-zrz2519.zeelandnet.nl [62.238.233.233] which, apparently, claimed in its HELO message to *be* our local MX (which of course was who it was talking TO). Sounds to me like a bug in the sending software. The other thing these messages had in common was a 33KB .scr ("screen saver") executable attachment. Norton doesn't recognize this as a known threat, but I don't want to be the first to learn the hard way what it does. MAYBE this is just ill-conceived and poorly-written spam. Maybe it's something more serious. Anybody know one way or the other? David Gillett ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- RE: RPAT - Realtime Proxy Abuse Triangulation, (continued)
- RE: RPAT - Realtime Proxy Abuse Triangulation Rob Shein (Dec 30)
- Re: RPAT - Realtime Proxy Abuse Triangulation Greg Barnes (Dec 30)
- Re: RPAT - Realtime Proxy Abuse Triangulation Gary Flynn (Dec 30)
- RE: RPAT - Realtime Proxy Abuse Triangulation Rob Shein (Dec 30)
- Re: RPAT - Realtime Proxy Abuse Triangulation Syzop (Dec 30)
- Re: RPAT - Realtime Proxy Abuse Triangulation Greg Barnes (Dec 30)
- Re: RPAT - Realtime Proxy Abuse Triangulation Jay D. Dyson (Dec 30)
- Re: RPAT - Realtime Proxy Abuse Triangulation Greg Barnes (Dec 30)
- Virus? Trojan? David Gillett (Dec 30)
- Re: Virus? Trojan? Peter Kruse (Dec 30)