Antwort: [suse-security] Should I be worried about t
Hi, last night I received the same eMail with attchement named healthnetcoveragelist.xls.lnk .pif and .lnk extensions will never show in windows, unless you make a registry hack like AlwaysShowExt = "" The complete mail with base64 coded is 206 KB size, pretty much for a virus ! Did anybody check out what this thingy does ?? mike blum ____________________Antwort-Abtrennung____________________ Betreff: Re: Fwd: [suse-security] Should I be worried about the CodeR Verfasser: <jdanield@dodin.net > Datum: 25.07.2001 09:48 never - never open an attachment you don't wait specifically for ! I receive nearly a virus/trojan each day. [snip] jdd say, just after your message, on my box I got this (I send you only partial copy): ------6BC6674D_Outlook_Express_message_boundary Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: message text Hi! How are you=3F I send you this file in order to have your advice See you later=2E Thanks ------6BC6674D_Outlook_Express_message_boundary Content-Type: application/mixed; name=court.doc.pif Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=court.doc.pif #look at the filename !!!! TVpQAAIAAAAEAA8A//8AALgAAAAAAAAAQAAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAEAALoQAA4ftAnNIbgBTM0hkJBUaGlzIHByb2dyYW0gbXVzdCBiZSBydW4gdW5k ZXIgV2luMzINCiQ3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFBFAABMAQgAGV5CKgAA AAAAAAAA4ACOgQsBAhkAqAEAAGwAAAAAAACkqQEAABAAAADAAQAAAEAAABAAAAACAAABAAAA AAAAAAQAAAAAAAAAAIACAAAEAAAAAAAAAgAAAAAAEAAAQAAAAAAQAAAQAAAAAAAAEAAAAAAA AAAAAAAAAPABAK4RAAAAYAIAABgAAAAAAAAAAAAAAAAAAAAAAAAAMAIAOCAAAAAAAAAAAAAA AAAAAA -- <http://www.dodin.net> <mailto:jdanield@dodin.net> WHO'S THAT GUY ? Help me found it Russia & South america help needed http://www.dodin.net/serge/index.html -- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
On Wed, 25 Jul 2001 blum@gl.ssp-consult.de wrote:
last night I received the same eMail with attchement named healthnetcoveragelist.xls.lnk
The complete mail with base64 coded is 206 KB size, pretty much for a virus ! Did anybody check out what this thingy does ??
I bet it's I-Worm.SirCam (see for example http://www.avp.ch/avpve/worms/email/sircam.stm or http://www.vhm.haitec.de/www/software/virus/aktuell.shtml). best regards, Rainer Link -- Rainer Link | SuSE - The Linux Experts link@suse.de | Developer of A Mail Virus Scanner (amavis.org) www.suse.de | Founder OpenAntiVirus Project (www.openantivirus.org)
Hi, last night I received the same eMail with attchement named healthnetcoveragelist.xls.lnk
.pif and .lnk extensions will never show in windows, unless you make a registry hack like AlwaysShowExt = ""
The complete mail with base64 coded is 206 KB size, pretty much for a virus ! Did anybody check out what this thingy does ??
And don't forget extension .url (can it do damage?). That attachment would be SirCam. Kindly reply to the sender and give them this handy fix from Norton: http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.removal.tool.h... I recieved a 900KB zip file a few days. 200KB is small on this virus'es scale. -BarkerJr
participants (3)
-
BarkerJr -
blum@gl.ssp-consult.de -
Rainer Link