Security Incidents mailing list archives

Re: Headerless EMail


From: Mark Ackermans <mack-NO- () -SPAM-KABELFOON NL insecure org>
Date: Sun, 21 Jan 2001 20:06:45 +0100

Hello Attonbitus,

Attonbitus Deus wrote:
What was the thread on the email with no headers?  I looked in the
archives but could not find anything.  The response was that the
sender must have sent the mail directly from the user's mail
server... Anyone remember?

I ask because I just got sent one myself, with the following file
attached:
MEPOJPME.EXE with no name and no headers other than this:

(...)

This looks like the product of a widespread worm called W32/Hybris-B.
Some forms of this virus send themselves without specifying the sender.

This was sent directly to me, and the bad part is that they got the
email address from one of the SF lists that I participate in. Nowhere
else have I ever used this email address.

Someone using that list probably got his computer infected. The worm
intercepts e-mail addresses from a patched wsock32.dll.

http://www.datafellows.com/v-descs/hybris.shtml

