Security Incidents mailing list archives
Re: Virus? Trojan?
From: Jonathan Rickman <jonathan () xcorps net>
Date: Mon, 30 Dec 2002 20:15:42 -0500 (EST)
On Mon, 30 Dec 2002, David Gillett wrote:
So far today, I've received two email messages from
kbl-zrz2519.zeelandnet.nl [62.238.233.233]
which, apparently, claimed in its HELO message to *be*
our local MX (which of course was who it was talking TO).
Sounds to me like a bug in the sending software.
The other thing these messages had in common was a
33KB .scr ("screen saver") executable attachment.
Norton doesn't recognize this as a known threat, but
I don't want to be the first to learn the hard way what
it does.
MAYBE this is just ill-conceived and poorly-written
spam. Maybe it's something more serious. Anybody know
one way or the other?
Consider yourself lucky. I received over 3000 over a 24 hour period this weekend. It seems to be spreading more rapidly as of late. Possibly a variant? -- Jonathan Rickman X Corps Security http://www.xcorps.net ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: Virus? Trojan? Jonathan Rickman (Jan 02)
- <Possible follow-ups>
- Re: Virus? Trojan? Nick FitzGerald (Jan 02)
- RE: Virus? Trojan? James C Slora Jr (Jan 12)
- RE: Virus? Trojan? Nick FitzGerald (Jan 12)
- Re: Virus? Trojan? James C. Slora Jr. (Jan 12)
- RE: Virus? Trojan? Nick FitzGerald (Jan 12)