Security Incidents mailing list archives
RE: Fwd: of offending.
From: Dean Cunningham <Dean.Cunningham () ew govt nz>
Date: Thu, 16 Aug 2001 09:40:40 +1200
Slight correction, That is, instead of "[name deleted]", you'd see "[mame deleted]" should be That is, instead of "[name deleted]", you'd see "[nbme deleted]" Also magistr does *not* always increment the second character of the return path. This is based on the ones we have had detected my McAfee (about 500) as magistr. We autoreply to the sender and they were bouncing, that is how we found out about the feature. Till a few weeks ago McAfee had still not detailed this feature of Magistr. regards Dean -----Original Message----- From: Luc Pardon [mailto:lucp () skopos be] Sent: Wednesday, 15 August 2001 3:20 p.m. To: dep Cc: 'incidents () securityfocus com' Subject: Re: Fwd: of offending. This is probably WM32/Disemboweler/W32/Magistr@mm. Check the mail headers, the "Return-Path" should be different from the "From". To be more precise, the second character of the "Return-Path" address should be one up in the alphabet (a -> b, m -> n etc). That is, instead of "[name deleted]", you'd see "[mame deleted]" ;-) Best, Luc Pardon Skopos Consulting Belgium dep wrote:
just got this; attachment is removed, of course. if anybody wants to take the attachment apart and see if there's yet another rascal out there, please let me know and i'll send it along. the items in brackets were put there by me. ---------- Forwarded Message ---------- Subject: of offending. Date: Tue, 14 Aug 2001 22:18:22 +0000 From: [name deleted] <[deleted]@[deleted].demon.co.uk> To: Reasons for committing crime, the gains and losses, the cycle of change, individual offending cycles and victim issues. Also included are the behavioural triangle, the STOP strategy and exploration of future goals. [attachment] MSOOBE.EXE [64k] ------------------------------------------------------- -- dep one day, you'll wish it was now. your wish has been granted. don't waste it.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com *************************************************** This e-mail is not an official statement of the Waikato Regional Council unless otherwise stated. Visit our website http://www.ew.govt.nz *************************************************** ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Fwd: of offending. dep (Aug 14)
- Re: Fwd: of offending. Luc Pardon (Aug 15)
- <Possible follow-ups>
- RE: Fwd: of offending. Dean Cunningham (Aug 15)