Interesting People mailing list archives

New Horizons in spam and virii


From: David Farber <dave () farber net>
Date: Mon, 09 Aug 2004 17:32:55 -0400



Begin forwarded message:

From: hal () halstucker com
Date: August 9, 2004 5:15:43 PM EDT
To: dave () farber net
Subject: Re: [IP] New Horizons in spam and virii

(P.S. -- I've also gotten several copies of an unidentified
virus that says "new price" - the payload has the name
price.zip or price2.zip.)

I also got the price.zip file -- it contains two files, one
called price.exe and one called price.html.  Checked with the
folks at CERT and they said they've only had reports on the
virus in the last couple of days and they're examining a
sample that was sent to them.  They're still not sure what it
does but said the html file seems to be some sort of
javascript that activates the .exe file.  Couldn't find
anything about it doing a general Google search or a Google
search on both the F-Prot and TrendMicro sites.

If anyone has any more info on this particular bit of
mischief, I'd be interested to hear it.

---- Original message ----
Date: Mon, 9 Aug 2004 16:26:35 -0400
From: David Farber <dave () farber net>
Subject: [IP] New Horizons in spam and virii
To: Ip <ip () v2 listbox com>



Begin forwarded message:

From: Dana Blankenhorn <dana () a-clue com>
Date: August 9, 2004 3:51:39 PM EDT
To: dave () farber net
Subject: New Horizons in spam and virii

I remember last week's thread on spoofing, which started with your
complaint about someone taking your name in vain.

Well, here's a new one.

This one just came in "from" one of my e-mail addresses, addressed "to"
the other one. As I may have mentioned, I've generally blacklisted
myself because I'm so often spoofed.

A quick glance with Mailwasher showed that, had this gotten into Outlook
Express, it would have displayed a picture called "joasqfnhjt.bmp" and
then initiated a file called "Readme.zip" that looks nasty indeed.

Following is the complete header. The moral is "Be Very Careful Out
There."

Note that the "Vickybrazel.org" domain doesn't exist.

Return-Path: <danablankenhorn () mindspring com>
Received: from VICKYBRAZEL.org ([216.151.44.14])
        by a-clue.com (8.11.6/8.11.6) with SMTP id i79JgY900748
        for <dana () a-clue com>; Mon, 9 Aug 2004 13:42:35 -0600
Date: Mon, 09 Aug 2004 14:47:57 -0600
To: "Dana" <dana () a-clue com>
From: "Danablankenhorn" <danablankenhorn () mindspring com>
Subject: Re: Document
Message-ID: <hqtthcpjpiyfvkijxyn () a-clue com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------lgwwxmsenvleqajvlwwe"
X-Spam-Status: No, hits=2.9 required=5.0
        tests=HTML_30_40,HTML_IMAGE_ONLY_02,HTML_MESSAGE,MIME_HTML_ONLY
        version=2.52
X-Spam-Level: **
X-Spam-Checker-Version: SpamAssassin 2.52 (1.174.2.8-2003-03-24-exp)
X-UIDL: L9M!!#[=!!pSO!!C+G"!
Status: U

(P.S. -- I've also gotten several copies of an unidentified virus that
says "new price" - the payload has the name price.zip or price2.zip.)

-------------------------------------
You are subscribed as hal () halstucker com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at:
http://www.interesting-people.org/archives/interesting-people/
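
The header checks described in the thread above (a relay name that does not exist, mail "from" one of your own addresses "to" another), as an added example that is not part of the original messages. It also checks for a Date header later than the receiving server's Received stamp, which the quoted header shows as well. The sample header is constructed with reserved documentation domains and IP, and the function name, finding labels and the `resolves` callback are assumptions of this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample modelled on the header quoted above; domains and IP are
# reserved documentation values, not the ones from the original message.
SAMPLE = """\
Return-Path: <dana.alt@isp.example>
Received: from NOSUCHHOST.example ([192.0.2.14])
        by mail.example.org (8.11.6/8.11.6) with SMTP id i79JgY900748
        for <dana@example.org>; Mon, 9 Aug 2004 13:42:35 -0600
Date: Mon, 09 Aug 2004 14:47:57 -0600
To: "Dana" <dana@example.org>
From: "Dana.alt" <dana.alt@isp.example>
Subject: Re: Document

"""

def triage(raw, own_addresses, resolves):
    """Return a list of findings for one message header.

    `resolves` is a caller-supplied callable(domain) -> bool (hypothetical
    hook for a DNS lookup), so the check can also run offline.
    """
    msg = message_from_string(raw)
    findings = []
    # Topmost Received line is the one our own server wrote; unfold it.
    received = " ".join(msg.get("Received", "").split())
    m = re.match(r"from (\S+)", received)
    helo = m.group(1).lower() if m else ""
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    sender_domain = sender.rpartition("@")[2]
    if helo and not (helo == sender_domain or helo.endswith("." + sender_domain)):
        findings.append("helo-sender-mismatch")
    if helo and not resolves(helo):
        findings.append("helo-unresolvable")
    if sender in own_addresses and rcpt in own_addresses:
        findings.append("self-addressed")
    # The receiving server's clock is the trustworthy one: a Date header
    # later than the Received stamp was set by the sender, not observed.
    stamp = received.rpartition(";")[2].strip()
    if stamp and msg.get("Date"):
        if parsedate_to_datetime(msg["Date"]) > parsedate_to_datetime(stamp):
            findings.append("date-after-receipt")
    return findings
```

Each finding is a triage hint, not a verdict: legitimate mail relayed through a provider's servers also trips the HELO/sender mismatch, so the findings are most useful in combination.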
