[vox-tech] Viruses

Donald Childs vox-tech@lists.lugod.org
Wed, 3 Mar 2004 10:27:20 -0800 

The email I received didn't contain the [vox/vox-tech] signature.

> _______________________________________________
> vox-tech mailing list
> vox-tech@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech

I figured it was fake.

-Don

> -----Original Message-----
> From: vox-tech-admin@lists.lugod.org
> [mailto:vox-tech-admin@lists.lugod.org]On Behalf Of Rod Roark
> Sent: Wednesday, March 03, 2004 10:23 AM
> To: vox-tech@lists.lugod.org
> Subject: [vox-tech] Viruses
>
>
> On Wednesday 03 March 2004 10:06 am, Robert G. Scofield wrote:
> > On Wednesday 03 March 2004 09:43, Peter Jay Salzman wrote:
> > >
> > > ps- is there a new virus?  all of a sudden, starting from last night
> > > i've gotten a huge ton of emails that say things like:
> > >
> > >    Arggghh, I hate plaintext!
> > >
> > >    Here is your excel file.
> > >
> > >    I don't bite, weah!
> > >
> > >    Your file is attached.
> > >
> > > i normally don't see viruses because i filter based on executable
> > > strings in every win32 executable.  but these viruses seem to be
> > > carrying .zip and .pif payloads which are getting past my filter.
> >
> > I just got a message from "lugod@livepenguin.com" with an
> apparent zip file
> > attached.  Here's what it says:
> >
> > "Looking  forward for  a response :P
> >  
> > password: 17468
> > AttachedFile.zip"
> >
> > Does anyone know what this is all about?
>
> "From" headers in virus emails are almost always forged.
> If you think it really came from the list, send me all the
> headers from the message (do not include the payload or
> your message will most likely be rejected).
>
> I've noticed a whole bunch of unique zip files in these
> messages recently.  For anyone interested, here is my
> current list of Postfix body checks, which is growing daily:
>
> /^TV[nopqr]....[AB]..A.A....*AAAA...*AAAA/ REJECT Microsoft
> executable attachments are not allowed here.
> /^M35[GHIJK].`..`..*````/                  REJECT Microsoft
> executable attachments are not allowed here.
> /^UEsDBAoAAAAAA.....DKJx\+eAFgAAABYAA/ REJECT Attached zip file
> is a virus (1).
> /^UEsDBAoAAAAAA.....CwFOBrAlgAAAJYAA/  REJECT Attached zip file
> is a virus (2).
> /^UEsDBAoAAAAAA.....BdbrAiAFYAAABWAA/  REJECT Attached zip file
> is a virus (3).
> /^UEsDBAoAAAAAA.....BkjKgF7YcAAO2HAA/  REJECT Attached zip file
> is a virus (4).
> /^UEsDBAoAAAAAA.....D72n6\/7YcAAO2HAA/ REJECT Attached zip file
> is a virus (5).
> /^UEsDBAoAAAAAA.....CqcvrHAVYAAAFWAA/  REJECT Attached zip file
> is a virus (6).
> /^UEsDBAoAAAAAA.....BMC61l7YcAAO2HAA/  REJECT Attached zip file
> is a virus (7).
> /^UEsDBAoAAAAAA.....BKH8ydAD4AAAA\+AA/ REJECT Attached zip file
> is a virus (8).
> /^UEsDBAoAAAAAA.....BiZMYWCWMAAAljAA/  REJECT Attached zip file
> is a virus (9).
> /^UEsDBAoAAQAAA.....B7DBL7KlIAAB5SAA/  REJECT Attached zip file
> is a virus (10).
> /^UEsDBAoAAAAAA.....DcIq\+BCIcAAAiHAA/ REJECT Attached zip file
> is a virus (11).
> /^UEsDBAoAAAAAA.....BXRG0y8ocAAPKHAA/  REJECT Attached zip file
> is a virus (12).
> /^UEsDBAoAAAAAA.....CBoWs\/7YcAAO2HAA/ REJECT Attached zip file
> is a virus (13).
> /^UEsDBAoAAQAAA.....BVpTuMtFAAAKhQAA/  REJECT Attached zip file
> is a virus (14).
> /^UEsDBAoAAAAAA.....B78bObV0IAAFdCAA/  REJECT Attached zip file
> is a virus (15).
> /^UEsDBAoAAAAAA.....AedXfJCIcAAAiHAA/  REJECT Attached zip file
> is a virus (16).
> /^UEsDBAoAAQAAA.....CRGduw\/VQAAPFUAA/ REJECT Attached zip file
> is a virus (17).
> /^UEsDBAoAAAAAA.....DpTnai4UYAAOFGAA/  REJECT Attached zip file
> is a virus (18).
>
> -- Rod
> _______________________________________________
> vox-tech mailing list
> vox-tech@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech
>
>