Message-ID: <404DF84F.6020307@nbnet.nb.ca>
From: smenard at nbnet.nb.ca (Steve Menard)
Subject: Has anyone seen this in their e-mail

Aschwin Wesselius wrote:

>On Tue, 2004-03-09 at 01:44, Edward W. Ray wrote:
>
>>This e-mail was addressed to my mail server. It even looked
>>authentic, but since my mail server never sends me zip attachments I
>>thought it strange.
>>
>>Please be careful when opening. The zip file contains an executable,
>>and I would assume it is some kind of virus or worm.
>>
>>Has anyone else seen something similar?
>>
>>Regards,
>>
>>Edward W. Ray
>
>Yeah, this looks like one I've got yesterday too.
>
>The message was different and even the password was different (clever
>virus-writer huh). I bet it is a Bagle.Gen-zippwd (who gives them names
>actually?) sort of worm, but am not sure.
>
>I dare not to open it at all. At least my ClamAssassin fetched it and
>sorted it into my Virus folder. This means that ClamAV (for Linux)
>recognizes it as a worm/virus
>
>Kind regards,
>
>Aschwin Wesselius
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html

I suspect that it is a targeted long term attack against higher targets.
See the one below from March 3, 2004.

I saw this one the other day.
I thought the guys I hosted with wrote better English.
Suspicious from the start.

>From - Wed Mar 3 08:48:00 2004
X-UIDL: &jJ"!-ek"!S[/"!8>c!!
X-Mozilla-Status: 1001
X-Mozilla-Status2: 10000000
Return-Path: <lisa4@....rr.com>
Received: from techsp05 ([203.177.127.113])
	by changed.not (8.10.2/8.9.3) with SMTP id i23CZqe08455
	for <me@...omain>; Wed, 3 Mar 2004 08:35:53 -0400
Date: Wed, 03 Mar 2004 20:43:45 +0800
To: me@...omain
Subject: Notify about using the e-mail account.
From: noreply@...omain
Message-ID: <ocsgoycxukouajqfnbr@...omain>
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="--------iwmrgskpbqjqjvtotrwg"
X-UIDL: &jJ"!-ek"!S[/"!8>c!!

----------iwmrgskpbqjqjvtotrwg
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Dear user of e-mail server "mydomain.xx",

Our main mailing server will be temporary unavaible for next two days,
to continue receiving mail in these days you have to configure our free
auto-forwarding service.

For details see the attached file.

Attached file protected with the password for security reasons. Password is 55366.

Cheers,
The mydomain team http://www.mydomain

----------iwmrgskpbqjqjvtotrwg
Content-Type: application/octet-stream; name="TextDocument.zap"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="TextDocument.zap"

some zipped bad file here=

----------iwmrgskpbqjqjvtotrwg--
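
Added example, not part of the original thread: a mail-gateway triage check for the pattern the quoted message shows, a body that hands out a password next to an attachment whose bytes are an encrypted ZIP. The sample message, the `example.test` domain, the finding labels and the function names are constructed for illustration.

```python
import re
import struct
from email.message import EmailMessage

# Constructed attachment: a bare 30-byte ZIP local file header with the
# "encrypted" flag (general-purpose bit 0) set and no payload behind it.
ZIP_HEADER = struct.pack("<4sHHHHHIIIHH", b"PK\x03\x04", 20, 0x0001,
                         0, 0, 0, 0, 0, 0, 0, 0)
PASSWORD_RE = re.compile(r"\bpassword\s*(?:is|:)\s*\w+", re.IGNORECASE)


def build_sample() -> EmailMessage:
    """Constructed message shaped like the lure quoted in the thread."""
    msg = EmailMessage()
    msg["From"] = "noreply@example.test"   # placeholder domain
    msg["To"] = "me@example.test"
    msg["Subject"] = "Notify about using the e-mail account."
    msg.set_content("For details see the attached file.\n"
                    "Attached file protected with the password.\n"
                    "Password is 55366.\n")
    msg.add_attachment(ZIP_HEADER, maintype="application",
                       subtype="octet-stream", filename="TextDocument.zap")
    return msg


def zip_is_encrypted(data: bytes) -> bool:
    """True if data starts with a ZIP local file header with flag bit 0 set."""
    if len(data) < 8 or data[:4] != b"PK\x03\x04":
        return False
    (flags,) = struct.unpack_from("<H", data, 6)
    return bool(flags & 0x0001)


def triage(msg: EmailMessage) -> list:
    """Return the lure indicators found in a parsed message."""
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name is None and part.get_content_maintype() == "text":
            if PASSWORD_RE.search(part.get_content()):
                findings.append("body-advertises-password")
        elif name and zip_is_encrypted(part.get_payload(decode=True) or b""):
            findings.append("encrypted-zip-attachment")
            if not name.lower().endswith(".zip"):
                findings.append("zip-content-under-other-extension")
    return findings


if __name__ == "__main__":
    print(triage(build_sample()))
```

To run it over stored mail, parse with `email.message_from_bytes(raw, policy=email.policy.default)` so that `get_content()` is available on each part.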