[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <003901c3e531$d1b9f890$231a90d8@NTAUTHORITY>
From: geoincidents at getinfo.org (Geoincidents)
Subject: Mydoom
> And, as I explained earlier, even the size of the .EXE can vary, adding
> yet another inconstancy to the equation.
There is one consistancy that may help people build mail filters. The virus
codes the zip attachment as a mime type of application / octet-stream
(without the spaces) instead of application/x-zip-compressed. It's a
consistancy you can build a rwords/phrase filter around. Only drawback is
that octet stream is basically the default for unknown file types and
Windows98 for some reason uses this mime type for pdf and doc type files but
that's fixable too
You can fix Win98 by going into regedit on the client machine, to
HKEY_CLASSES_ROOT\.pdf and enter
a new string value of "Content Type" = "application/pdf" or for doc file go
to the \.doc key and enter "application/msword" or whatever extension you
find that fails when you try to send mail.
Geo.
Powered by blists - more mailing lists