Security Incidents mailing list archives

RE: Fwd: of offending.


From: Dean Cunningham <Dean.Cunningham () ew govt nz>
Date: Thu, 16 Aug 2001 09:40:40 +1200

Slight correction,
That is, instead of "[name deleted]", you'd see "[mame deleted]"

should be
That is, instead of "[name deleted]", you'd see "[nbme deleted]"

Also magistr does *not* always increment the second character of the return
path.
This is based on the ones we have had detected by McAfee (about 500) as
magistr.
We autoreply to the sender and they were bouncing, that is how we found out
about the feature.
Till a few weeks ago McAfee had still not detailed this feature of Magistr.

regards
Dean


-----Original Message-----
From: Luc Pardon [mailto:lucp () skopos be]
Sent: Wednesday, 15 August 2001 3:20 p.m.
To: dep
Cc: 'incidents () securityfocus com'
Subject: Re: Fwd: of offending.


  This is probably WM32/Disemboweler/W32/Magistr@mm.

  Check the mail headers, the "Return-Path" should be different from the
"From". To be more precise, the second character of the "Return-Path"
address should be one up in the alphabet (a -> b,  m -> n etc).

  That is, instead of "[name deleted]", you'd see "[mame deleted]" ;-)

  Best,

  Luc Pardon
  Skopos Consulting
  Belgium



dep wrote:

just got this; attachment is removed, of course. if anybody wants to
take the attachment apart and see if there's yet another rascal out
there, please let me know and i'll send it along. the items in
brackets were put there by me.

----------  Forwarded Message  ----------

Subject: of offending.
Date: Tue, 14 Aug 2001 22:18:22 +0000
From: [name deleted] <[deleted]@[deleted].demon.co.uk>
To:

Reasons for committing crime, the gains and losses, the cycle of
 change, individual offending cycles and victim issues.  Also
 included are the behavioural triangle, the STOP strategy and
 exploration of future goals.

[attachment] MSOOBE.EXE [64k]

-------------------------------------------------------
--
dep

one day, you'll wish it was now.
your wish has been granted.
don't waste it.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

***************************************************
This e-mail is  not an  official  statement of  the
Waikato  Regional  Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***************************************************
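
The header check discussed in this thread, as an added example that is not code from either poster: it compares the "From" and "Return-Path" addresses and reports whether they differ only by the second character being one letter up. The addresses are constructed samples and the function names are hypothetical. As the correction above notes, the change is not always made, so a "same" result does not clear a message.

```python
from email import message_from_string
from email.utils import parseaddr

def second_char_bumped(from_addr, return_path):
    """True if return_path is from_addr with only its second character
    moved one letter up the alphabet (a -> b, m -> n)."""
    a, b = from_addr.lower(), return_path.lower()
    if len(a) < 2 or len(a) != len(b):
        return False
    if a[0] != b[0] or a[2:] != b[2:]:
        return False
    # 'z' is skipped: the thread does not say what happens past the end
    # of the alphabet, so no wrap-around is assumed.
    return "a" <= a[1] <= "y" and ord(b[1]) == ord(a[1]) + 1

def classify(raw_message):
    """Return 'missing', 'same', 'bumped' or 'different' for one message."""
    msg = message_from_string(raw_message)
    from_addr = parseaddr(msg.get("From", ""))[1]
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    if not from_addr or not return_path:
        return "missing"
    if from_addr.lower() == return_path.lower():
        return "same"
    if second_char_bumped(from_addr, return_path):
        return "bumped"      # matches the pattern described in the thread
    return "different"       # e.g. a mailing-list bounce address

# Constructed sample headers (example.org addresses, not from the thread).
SAMPLES = {
    "bumped": "Return-Path: <aon@example.org>\n"
              "From: Ann Example <ann@example.org>\n\nbody\n",
    "same": "Return-Path: <ann@example.org>\n"
            "From: Ann Example <ann@example.org>\n\nbody\n",
    "different": "Return-Path: <list-bounces@example.net>\n"
                 "From: Ann Example <ann@example.org>\n\nbody\n",
    "missing": "From: Ann Example <ann@example.org>\n\nbody\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", classify(raw))
```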
