[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <4059F062.10850.29A6FC8@localhost>
From: rslade at sprint.ca (Rob, grandpa of Ryan, Trevor, Devon & Hannah)
Subject: New Virus probably Bagle.Q
From: "Helmut Hauser" <helmut_hauser@...mail.com>
Date sent: Thu, 18 Mar 2004 11:08:44 +0100
> link to virus is ...
> http://blah.blah.blah:81/100721.php
The php is a dead giveaway: this is probably Bagle.Q et al. (The message probably
had object tags around this, correct?) The infected machine will download a
script: the script will download a (seemingly innocuous) file, and then rename it
and invoke it. Then *you* start sending out email like that :-)
> Host is in Korea, abuse warning has been sent.
Have you also contacted the ISP? The machine owner is probably unaware of
what is going on. (The samples I've got are from Korea as well.)
====================== (quote inserted randomly by Pegasus Mailer)
rslade@....bc.ca slade@...toria.tc.ca rslade@....soci.niu.edu
Those are my principles. If you don't like them I have others.
- Groucho Marx
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
Powered by blists - more mailing lists