New email virus? [Free eurocalculator!!!]

[Rik van Riel <riel () CONECTIVA COM BR>]

Hi,

I've just gotten this spam, which contains the attachement
"eurocalculator.exe". Since I don't have any windows machines
around and know better than to execute random scripts I get,
I've limited myself to running strings on the file and I got
the following (and more):

--> Version: Back Orifice 2000 (BO2K) v%1.1u.%1.1u
...
Rebooting now.
Reboot attempt failed.
Locking up machine
...
%.100s [%.100s] (%.260s) "%.100s"  RO passwd:%.100s  RW passwd:%.100s  %s%s%s%s

and a bit further along the file a whole bunch of HTML crap
(is this standard BO2K or a custom thing for this one??):

<head><title>Network Neighborhood</title></head>
....

I also found a whole bunch of SMTP related strings, but maybe
those are BO2K related too.

-------------------------

In short, it seems that somebody is doing yet another attempt
at spreading BO2K through email ... possibly with the script
spreading itself, but I've only done a quick view of the file
and haven't looked at it in any detail ;)

regards,

Rik
--
"What you're running that piece of shit Gnome?!?!"
      -- Miguel de Icaza, UKUUG 2000

http://www.conectiva.com/               http://www.surriel.com/

---------- Forwarded message ----------
Date: Tue, 03 Oct 2000 17:15:15 GMT
From: Euro bank <euro_bank () hotmail com>
To: aephe () hotmail com
Subject: Free eurocalculator!!!

You got a free eurocalculator send to you by Euro_bank

An introduction to the Euro!

Enjoy!!
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at
http://profiles.msn.com.