Security Incidents mailing list archives

Re: Romeo&Juliet (fwd)


From: "Fisher, Lee" <Lee_Fisher () NAI COM>
Date: Fri, 17 Nov 2000 19:06:22 +0100

This looks to be the W32/BleBla@mm worm.  We have protection in the form of
an extra driver.  McAfee/Dr Solomon customers may see AVERT raise the risk
assessment of this mass mailer over the weekend.

For official information, check:

http://www.avertlabs.com

Lee Fisher
Systems Engineer,
AntiVirus and Information Security Specialist
Member of the AVERT
McAfee/Dr Solomons
For United Kingdom and South Africa

PGP FingerPrint:7323 57AD D0E5 97E4 D173  E6F9 341F BA79 760A 3DFC

-----Original Message-----
From: Michal 'CeFeK' Nazarewicz [mailto:Michal.Nazarewicz () SayDK Co UK]
Sent: 16 November 2000 22:58
To: INCIDENTS () SECURITYFOCUS COM
Subject: Romeo&Juliet (fwd)


Hi List,
        I've just received a strange e-mail from a person living in my
country, but one I've never written to. It looks very, very suspicious:
message body looks corrupted (pine says it's encoded in qp, but contains
non-hexadecimal characters). There are two attachments: one is of
APPLICATION/X-MSWORD type, but its extension is .EXE. The second one is
of .CHM extension, I haven't looked at it yet.
        The subject of this e-mail is Romeo&Juliet... so this looks like
just another funny e-mail from someone you should know.
        If anyone is interested, I can email him these attachments. I'm
very curious, what's this.

Regards,
--
Michal 'CeFeK' Nazarewicz   / CAOL, DK GROUP SYSADMIN ^ NETADMIN         B
ICQ 47171266 / +48 (601) CEFEK 0 / http://www.dkgroup.pl/index.html      O
mailto:cefek at saydk dot co dot uk / MN4735-RIPE / Pengiun #164007      F
Linux kanton 2.4.0-test7 #9 sob wrz 2 12:46:51 CEST 2000 i686 slackware7 H
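
The indicators reported in this thread (an APPLICATION/X-MSWORD type declared on an .EXE attachment, a .CHM attachment, and a quoted-printable body containing non-hexadecimal characters) can be checked mechanically at a mail gateway or during triage. The following Python code is an added example, not part of the original posts; the extension lists, the sample message and its file names are constructed assumptions.

```python
import email
import os
import re
from email import policy

# Assumed short list of extensions that run code when opened on Windows.
RISKY_EXT = {".exe", ".chm", ".scr", ".pif", ".vbs"}
# Assumed map: Word MIME types and the extensions they normally carry.
WORD_TYPES = {"application/msword", "application/x-msword"}
WORD_EXT = {".doc", ".dot"}
# In quoted-printable, "=" must precede two hex digits or a line break.
BAD_QP = re.compile(r"=(?![0-9A-Fa-f]{2}|\r?\n|$)")

# Constructed sample shaped like the report; file names are placeholders.
SAMPLE = """\
Subject: Romeo&Juliet
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

hello =ZZ world
--b1
Content-Type: APPLICATION/X-MSWORD; name="sample1.EXE"

x
--b1
Content-Type: application/octet-stream; name="sample2.CHM"

x
--b1--
"""

def triage(raw):
    """Return sorted (item, finding) pairs for one raw message."""
    findings = set()
    for part in email.message_from_string(raw, policy=policy.default).walk():
        name = part.get_filename()  # falls back to Content-Type name=
        if name:
            ext = os.path.splitext(name)[1].lower()
            if ext in RISKY_EXT:
                findings.add((name, "risky-extension"))
            if part.get_content_type() in WORD_TYPES and ext not in WORD_EXT:
                findings.add((name, "type-extension-mismatch"))
        cte = str(part.get("Content-Transfer-Encoding", "")).strip().lower()
        if cte == "quoted-printable" and BAD_QP.search(part.get_payload()):
            findings.add((name or "body", "malformed-quoted-printable"))
    return sorted(findings)
```

Calling `triage(SAMPLE)` returns one finding for the body and three for the two attachments; a message whose attachment names match their declared types and whose quoted-printable escapes are valid returns an empty list.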

        

