RE: Help: Weird email received & E-Safe Alert

["Fernando Cardoso" <fernando.cardoso () whatevernet com>]

If I have to guess about the mail, I would say it was Magistr virus. In
certain circumstances, Magistr mangles the mail it tries to send, making
this garbage you received. The Subject and body is taken from a random
document on the infected box. It can be anything, from a Word Document to a
text file, so the theory that is a RTF file is probably correct.

Cheers

Fernando

--
Fernando Cardoso - Security Consultant       WhatEverNet Computing, S.A.
Phone : +351 21 7994200                      Praca de Alvalade, 6 - Piso 6
Fax   : +351 21 7994242                      1700-036 Lisboa - Portugal
email : fernando.cardoso () whatevernet com     http://www.whatevernet.com/

> 1)
>
> We received an email from someone else with only the following in the
> mail:
>
> ##################################################################
> #######################
> <snip>
> Sent: Friday, September 28, 2001 3:04 PM
> Subject: Be sure to answer.
>
> \par }\pard \qj\widctlpar{\*\pn \pnlvlcont\pndec }{\fs24\lang2057
>
> \par {\pntext\pard\plain\f1 \'b7\tab}}\pard
> \qj\fi-283\li283\widctlpar{\*\pn \pnlvlblt\pnf1\pnindent283
> {\pntxtb \'b7}}{\fs24\lang2057 Create a new file.
>
> \par }\pard \qj\widctlpar{\*\pn \pnlvlcont\pndec }{\fs24\lang2057
>
> \par The new command \ldblquote Scan Text\rdblquote  has been added to
> the \ldblquote File\rdblquote
> menu.
>
> \par
>
> \par
>
> \par }{\b\fs30\lang2057 C. Excel 2000 (Office 2000) and Excel 97 (Office
> 97)
>
> \par }{\fs24\lang2057
>
> \par Start Excel.
>
> ##################################################################
> ########################
>
> My questions are :
>
> - WTF is this ? or What was it suppose to be ?
> - What does the above code try to do ?
>
> I suppose this couldve just been an accident, I haven't mailed the
> sender for his input yet. Just thought I'll add it into the email along
> with my other question.


_____________________________________________________________________
                      INTERNET MAIL FOOTER 
A presente mensagem pode conter informação considerada confidencial.
Se o receptor desta mensagem não for o destinatário indicado, fica
expressamente proibido de copiar ou endereçar a mensagem a terceiros.
Em tal situação, o receptor deverá destruir a presente mensagem e por
gentileza informar o emissor de tal facto.
---------------------------------------------------------------------
Privileged or confidential information may be contained in this
message. If you are not the addressee indicated in this message, you
may not copy or deliver this message to anyone. In such case, you
should destroy this message and kindly notify the sender by reply
email.
---------------------------------------------------------------------


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com