Security Incidents mailing list archives

Virus? Trojan?

From: "David Gillett" <gillettdavid () fhda edu>
Date: Mon, 30 Dec 2002 14:03:18 -0800

  So far today, I've received two email messages from

kbl-zrz2519.zeelandnet.nl [62.238.233.233]

which, apparently, claimed in its HELO message to *be*
our local MX (which of course was who it was talking TO).
Sounds to me like a bug in the sending software.

  The other thing these messages had in common was a 
33KB .scr ("screen saver") executable attachment.
Norton doesn't recognize this as a known threat, but
I don't want to be the first to learn the hard way what
it does.

  MAYBE this is just ill-conceived and poorly-written 
spam.  Maybe it's something more serious.  Anybody know
one way or the other?

David Gillett



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

RE: RPAT - Realtime Proxy Abuse Triangulation, (continued)
- - - RE: RPAT - Realtime Proxy Abuse Triangulation Rob Shein (Dec 30)
    - Re: RPAT - Realtime Proxy Abuse Triangulation Greg Barnes (Dec 30)
    - Re: RPAT - Realtime Proxy Abuse Triangulation Gary Flynn (Dec 30)
    - RE: RPAT - Realtime Proxy Abuse Triangulation Rob Shein (Dec 30)
    - Re: RPAT - Realtime Proxy Abuse Triangulation Syzop (Dec 30)
- Re: RPAT - Realtime Proxy Abuse Triangulation Stephen Friedl (Dec 27)
- Re: RPAT - Realtime Proxy Abuse Triangulation Jay D. Dyson (Dec 30)
  - Re: RPAT - Realtime Proxy Abuse Triangulation Greg Barnes (Dec 30)
    - Re: RPAT - Realtime Proxy Abuse Triangulation Jay D. Dyson (Dec 30)
    - Re: RPAT - Realtime Proxy Abuse Triangulation Greg Barnes (Dec 30)
    - Virus? Trojan? David Gillett (Dec 30)
    - Re: Virus? Trojan? Peter Kruse (Dec 30)