North American Network Operators Group

Re: Worm probes
It is worse than that. The virus is passing itself off as audio/x-wav;

----- Original Message -----
From: "Jim Seymour"
Newsgroups: spamcop.geeks
Sent: Tuesday, September 18, 2001 11:10 AM
Subject: New Virus/Worm Email

> I just received an interesting email. It made it past my virus filters, but a
> report on the NTBugTraq mailing list is reporting it as some kind of unknown
> worm that attacks IIS machines.
>
> The message itself uses an attachment with a content type of audio/x-wav, but
> with a name of "readme.exe". I've got the security settings tightened down, but
> even so, Outlook Express asked me whether I wanted to open the embedded
> attachment.
>
> Here is the email that I received (without the encoded attachment, of course).
> Note the long Subject line and the HTML iframe that refers to local content.
> Keep your eye on this one...
>
> --
> Jim Seymour
>
> -----------------------------------------------------------------------
>
> Received: from TGLNT (mail.tricongroup.com [206.206.91.131]) by mail.cipher.com
> with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)
> id SVNKL1PC; Tue, 18 Sep 2001 08:15:28 -0700
> From: <[email protected]>
> Subject:
> Xtoprecvranalyzerdiskstrreadmec2supprttablecoltoprecvraps32analyzerdefaultus ergr
> pcinforccidbutilappevent
> MIME-Version: 1.0
> Content-Type: multipart/related;
> type="multipart/alternative";
> boundary="====_ABC1234567890DEF_===="
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Unsent: 1
>
> --====_ABC1234567890DEF_====
> Content-Type: multipart/alternative;
> boundary="====_ABC0987654321DEF_===="
>
> --====_ABC0987654321DEF_====
> Content-Type: text/html;
> charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
>
>
> <HTML><HEAD></HEAD><BODY bgColor=3D#ffffff>
> <iframe src=3Dcid:EA4DMGBP9p height=3D0 width=3D0>
> </iframe></BODY></HTML>
> --====_ABC0987654321DEF_====--
>
> --====_ABC1234567890DEF_====
> Content-Type: audio/x-wav;
> name="readme.exe"
> Content-Transfer-Encoding: base64
> Content-ID: <EA4DMGBP9p>
>
>
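The mismatch described in the quoted message (a part declared as audio/x-wav but named "readme.exe", pulled in by a zero-size iframe through its Content-ID) is something a mail filter can test for directly. The following is an added example, not part of the original thread: the function name, the extension list and the sample message (structure simplified, harmless placeholder payload) are assumptions constructed for illustration.

```python
import email
import os
import re
from email import policy

EXEC_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs"}  # assumed list
IFRAME_CID = re.compile(r"<iframe[^>]*\bsrc\s*=\s*[\"']?cid:([^\s\"'>]+)", re.I)

# Constructed sample: simplified from the quoted message, placeholder payload.
SAMPLE = """\
From: sender@example.invalid
MIME-Version: 1.0
Content-Type: multipart/related; boundary="====_ABC1234567890DEF_===="

--====_ABC1234567890DEF_====
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD></HEAD><BODY bgColor=3D#ffffff>
<iframe src=3Dcid:EA4DMGBP9p height=3D0 width=3D0>
</iframe></BODY></HTML>
--====_ABC1234567890DEF_====
Content-Type: audio/x-wav; name="readme.exe"
Content-Transfer-Encoding: base64
Content-ID: <EA4DMGBP9p>

cGxhY2Vob2xkZXI=
--====_ABC1234567890DEF_====--
"""

def inspect_message(raw):
    """Flag parts with an executable filename but a non-application MIME type,
    and HTML iframes that load such a part by Content-ID."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings, iframe_cids, disguised = [], set(), {}
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        name = part.get_filename() or ""  # falls back to Content-Type name=
        if ctype == "text/html":  # get_content() decodes quoted-printable
            iframe_cids.update(IFRAME_CID.findall(part.get_content()))
        if os.path.splitext(name)[1].lower() in EXEC_EXTS and part.get_content_maintype() != "application":
            findings.append(("disguised-executable", name, ctype))
            cid = str(part.get("Content-ID", "")).strip().strip("<>")
            if cid:
                disguised[cid] = name
    for cid in sorted(iframe_cids & set(disguised)):
        findings.append(("iframe-loads-disguised-part", disguised[cid], cid))
    return findings
```

Calling `inspect_message(SAMPLE)` returns both findings for the constructed message; a gateway would typically quarantine on the first and treat the second as confirmation that the part is meant to load without a click.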