Worm (was Re: [vox-tech] cron - not at a different time)

Jeff Newmiller vox-tech@lists.lugod.org
Wed, 3 Mar 2004 10:25:21 -0800 (PST)


On Wed, 3 Mar 2004, Robert G. Scofield wrote:

> On Wednesday 03 March 2004 09:43, Peter Jay Salzman wrote:
> >
> > ps- is there a new virus?  all of a sudden, starting from last night
> > i've gotten a huge ton of emails that say things like:
> >
> >    Arggghh, I hate plaintext!
> >
> >    Here is your excel file.
> >
> >    I don't bite, weah!
> >
> >    Your file is attached.
> >
> > i normally don't see viruses because i filter based on executable
> > strings in every win32 executable.  but these viruses seem to be
> > carrying .zip and .pif payloads which are getting past my filter.
>
> I just got a message from "lugod@livepenguin.com" with an apparent zip file
> attached.  Here's what it says:
>
> "Looking  forward for  a response :P
>
> password: 17468
> AttachedFile.zip"
>
> Does anyone know what this is all about?

You are supposed to open the zipfile using the password and run the
contents. ;)


Seriously... these emails are cropping up so much in the last day that
this has to be a worm.  I haven't seen any analyses of this one, though.

---------------------------------------------------------------------------
Jeff Newmiller                        The     .....       .....  Go Live...
DCN:<jdnewmil@dcn.davis.ca.us>        Basics: ##.#.       ##.#.  Live Go...
                                      Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
/Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k
---------------------------------------------------------------------------