lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Right-wing computer virus

"Richard M. Smith" <rms@...puterbytesman.com> wrote:

> I just received the attached email message.  The original message
> contained an attached file with a computer virus in it.  ...

_WHich_ computer virus?

You know, depending how you count there are arguably anywhere between
about 10,000 and 100,000 computer viruses, so that statement is
exceedingly devoid of meaningful content...

Even limiting ourselves to self-mailing viruses, there are many 
thousands to choose from, so the above still stands.

> ...  The message
> attempts to trick people into running the virus to learn how "dangerous"
> Richard Perle, Ann Coutler, and Michael Savage are.  ...

Doesn't look like that to me at all.

In fact, it looks an awful lot like many currently somewhat common mass-
mailers that not only collect Email addresses from all manner of files 
likely to contain such, but also randomly snag snippets of "text" from 
the same files (or specifically from existing Email messages) to use in 
their messages.  Note how the "message" ends mid-word?  (Well, after 
one letter...)  That is common of several such viruses...

> ... Victims are of
> course going to learn a much different lesson:  Don't click on file
> attachments!

Unlikely -- folk dumb enough to run such things are what keep you and I 
in business and it seems exceedingly unlikely they will stop 
fornicating with each other any time soon...

> The full name of the virus file is "THANK YOU FOR YOUR TIME.eml.exe".

Again, quite likely randomly "stolen" from the victim machine.

Again, quite common among currently common viruses.

And how many times do I have to say that file names per se are 
exceedingly poor "symptoms" to report, especially if they are the only 
symptom reported?


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ