[plug] Caution: new sneaky Klez-like virus variant (-: not attached :-)
Leon Brooks
leon at brooks.fdns.net
Thu Sep 12 09:04:56 WST 2002
Same old mislaid-MIME tricks, but a new twist: it's pretending to be bounced
mail.
$ file type.bat
type.bat: MS-DOS executable (EXE), OS/2 or MS Windows
Interesting strings:
ADVAPI32.dll
WS2_32.dll
MPR.dll
QUIT
DATA
HELO %s
MAIL FROM: <
RCPT TO:<
This program must be run under Win32
KERNEL32
wsfc.dll
vMPR.dll
: uUSER32.d
WinZu
>Rar!t
------------8<--------cut-here--------8<------------
Return-Path: <sales at championfancorp.com>
Delivered-To: leonb-fdns at old-firestation.net
Received: from smtp-01-002.root-mail.com (mail-01-002.root-mail.com
[64.7.206.72])
by mail.old-firestation.net (Postfix) with ESMTP id 681203252D7
for <leon at brooks.fdns.net>; Thu, 12 Sep 2002 05:37:24 +0800 (WST)
Received: from Kubjxx ([67.104.50.19])
by smtp-01-002.root-mail.com (8.12.3/8.12.3) with SMTP id
g8BLanxf031396
for <leon at brooks.fdns.net>; Wed, 11 Sep 2002 14:37:19 -0700
Date: Wed, 11 Sep 2002 14:36:49 -0700
Message-Id: <200209112137.g8BLanxf031396 at smtp-01-002.root-mail.com>
From: postmaster <postmaster at brooks.fdns.net>
To: leon at brooks.fdns.net
Subject: Returned mail--"japanese lass' sexy pictures"
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=Uh0852SDVXwojx6j988l
Status: R
X-Status: N
The following mail can't be sent to wtca at woodtruss.com:
From: leon at brooks.fdns.net
To: wtca at woodtruss.com
Subject: japanese lass' sexy pictures
The attachment is the original mail
type.bat
Attachment: 2
Qffs+v35leqvM2uf1vAa39eFbcUwHpHb1+z1iyP6d4NF7HGWRBdBYzWctZNw5Wy2
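Added example, not part of the original post: a Python sketch of three header and attachment checks that the sample above would trip (a "postmaster" bounce with a non-null Return-Path, an attachment inside multipart/alternative, and an MZ executable header under a .bat name). The function name, indicator names, example.* addresses and the inert payload are assumptions constructed for illustration.

```python
import base64
from email import message_from_string
from email.utils import parseaddr

def fake_bounce_indicators(raw):
    """Return sorted names of the fake-bounce heuristics one raw message trips."""
    msg = message_from_string(raw)
    hits = set()
    sender = parseaddr(msg.get("From", ""))[1].lower()
    envelope_from = parseaddr(msg.get("Return-Path", ""))[1]
    claims_bounce = sender.startswith(("postmaster@", "mailer-daemon@"))
    # RFC 5321: a genuine bounce has a null reverse-path (Return-Path: <>).
    if claims_bounce and envelope_from:
        hits.add("bounce-with-non-null-return-path")
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # multipart/alternative holds renderings of one body, not attachments.
        if msg.get_content_type() == "multipart/alternative":
            hits.add("attachment-in-multipart-alternative")
        body = part.get_payload(decode=True) or b""
        # "MZ" opens every DOS/Windows executable, whatever the file is called.
        if body[:2] == b"MZ" and not name.lower().endswith((".exe", ".dll")):
            hits.add("mz-header-under-non-exe-name")
    return sorted(hits)

# Constructed sample shaped like the message above; the payload is inert bytes.
INERT = base64.b64encode(b"MZ" + bytes(30)).decode()
SAMPLE = "\n".join([
    "Return-Path: <sender@example.net>",
    "From: postmaster <postmaster@example.org>",
    'Subject: Returned mail--"constructed subject"',
    "Content-Type: multipart/alternative; boundary=XBOUND",
    "",
    "--XBOUND",
    "Content-Type: text/plain",
    "",
    "The following mail can't be sent to other@example.com:",
    "--XBOUND",
    "Content-Type: application/octet-stream; name=type.bat",
    "Content-Transfer-Encoding: base64",
    "",
    INERT,
    "--XBOUND--",
])

if __name__ == "__main__":
    print(fake_bounce_indicators(SAMPLE))
```

These are heuristics for triage, not verdicts: each one only says the message does not look like what a mail server's own bounce would look like.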