Bugtraq mailing list archives

Spam with trojan horse installed


From: amohammed () CARIB-LINK NET (Ansar Mohammed)
Date: Fri, 26 Feb 1999 09:30:04 -0500


Some idiot sent out the following e-mail a couple days ago:

Goodmorning.
02/23/99


We at mail.yahoo.com are pleased to release this cute little game which promises to captive and mesmerize you for hours on end.

Lots of dedication went into the production of this compact little PC entertainer. Simply download the file "Yahoo.exe", double-click and let the fun begin.


Brandon.
Assistant Director Yahoo Inc.
_________________________________________________________
DO YOU YAHOO!?
Get your free @yahoo.com address at http://mail.yahoo.com



// Yahoo.exe is actually the NetBus 2.0 server designed to install without the user knowing anything.
// The following registry entries were embedded within the exe.

REGEDIT4

[HKEY_CLASSES_ROOT\.dl_]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Rundll32"="rundll2.dl_"

[HKEY_LOCAL_MACHINE\Software\Net Solutions]

[HKEY_LOCAL_MACHINE\Software\Net Solutions\NetBus Server]

[HKEY_LOCAL_MACHINE\Software\Net Solutions\NetBus Server\General]
"Accept"="1"
"TCPPort"="20043"
"Visibility"="3"
"AccessMode"="2"

[HKEY_LOCAL_MACHINE\Software\Net Solutions\NetBus Server\Protection]
"Password"="$\".-("

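The registry entries in the post pair a `.dl_` extension mapped to the `exefile` class with a Run value that points at a `.dl_` file. As an added example (not part of the original post), the Python below parses a REGEDIT4 export and flags Run values whose extension has been remapped to `exefile`; the function names and the benign `SystemTray` value are constructed for illustration.

```python
import re

# Constructed sample: entries quoted in the post, plus one benign Run value
# ("SystemTray", hypothetical) that the check should pass over.
SAMPLE_REG = r'''REGEDIT4

[HKEY_CLASSES_ROOT\.dl_]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Rundll32"="rundll2.dl_"
"SystemTray"="SysTray.Exe"
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
# First file extension that is followed by a quote, whitespace or end of data.
EXT_RE = re.compile(r'(\.[^.\\/\s"]+)(?:["\s]|$)')

def parse_reg(text):
    """Parse the string values of a REGEDIT4 export into {key: {name: data}}."""
    hive, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()          # registry keys are case-insensitive
            hive.setdefault(key, {})
        elif key is not None and (m := VALUE_RE.match(line)):
            name = "@" if m.group(1) == "@" else m.group(1)[1:-1]
            hive[key][name] = re.sub(r"\\(.)", r"\1", m.group(2))  # undo \" and \\
    return hive

def disguised_autoruns(hive):
    """Return Run values whose file extension is registered as exefile."""
    remapped = {k.rsplit("\\", 1)[1] for k, v in hive.items()
                if k.startswith("hkey_classes_root\\.")
                and v.get("@", "").lower() == "exefile" and not k.endswith("\\.exe")}
    hits = []
    for key, values in hive.items():
        if key.endswith("\\currentversion\\run"):
            for name, data in values.items():
                m = EXT_RE.search(data.lower())
                if m and m.group(1) in remapped:
                    hits.append((name, data, m.group(1)))
    return hits

for hit in disguised_autoruns(parse_reg(SAMPLE_REG)):
    print("Run value %r -> %r: %s is registered as exefile" % hit)
```

The check only sees class mappings present in the export it is given, so it should be run over an export that includes both HKEY_CLASSES_ROOT and the Run key.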







