Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

New Virus (or Variant) Apparently Spreading

From: David Farber <dave () farber net>
Date: Wed, 08 Dec 2004 12:28:32 -0500


Begin forwarded message:

From: Lauren Weinstein <lauren () vortex com>
Date: December 8, 2004 12:13:19 PM EST
To: dave () farber net
Subject: New Virus (or Variant) Apparently Spreading


Dave,
FYI. I'm seeing what appears to be a new virus here -- a cleaned sample is below. It may just be an offshoot or variation of some existing virus, but it's interesting in that it not only claims to come from various different domains (in this example "hotmail"), but also provides a generated URL to those domains for "more info" (which may lend the messages more credence in 
the eyes of some recipients).

You'll note that it also includes a handy spelling error for
scanning checks ("Occured_Errors" [sic]).

--Lauren--
Lauren Weinstein
lauren () pfir org or lauren () vortex com or lauren () privacyforum org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
http://www.vortex.com
Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org 
Co-Founder, Fact Squad - http://www.factsquad.org
Co-Founder, URIICA - Union for Representative International Internet
                     Cooperation and Analysis - http://www.uriica.org
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://www.vortex.com/lauren-blog

------- Forwarded Message

Return-Path: Error_Mail () hotmail com
Delivery-Date: Wed Dec  8 03:41:22 2004
Return-Path: <Error_Mail () hotmail com>
Received: from fqbnq.com ([204.244.209.152])
From: Error_Mail () hotmail com
Date: Wed, 08 Dec 2004 11:38:45 GMT
Subject: FwD: mail delivery system <SMTP:8165>

This is a multi-part message in MIME format.

- --b9102e1cb2eec4

This mail was generated automatically.
More info about --HOTMAIL-- under: http://www.hotmail.com

- -------
Occured_Errors:

170.200.95.118_does_not_like_sender.
# 238: Giving_up_on_170.200.95.118.
# 463: This_account_has_been_disabled_[#188].
# 483: Remote_host_said:_delivery_error

End
- -------

The corrected mail is attached.

Auto_Mail.System: [hotmail]
- - --b9102e1cb2eec4
Content-Type: application/octet-stream; name=auto__mail.hotmail4072.TXT.pif 
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="auto__mail.hotmail4072.TXT.pif" 

 ...

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: