Once received, the similar e-mail attachment was detected by the antivirus
program as the "Hybris" virus.
You can find more info on this at:
http://www.europe.f-secure.com/v-descs/hybris.shtml
"...The worm can also send itself with a random, 8-letter name, for example
UKSJHHKW.EXE. "
"...Hybris is an Internet worm that spreads itself as an attachment to
email messages. The worm works under Win32 systems only. The worm contains
components (plugins) in its code that are executed depending on what worm
needs, and these components can be upgraded from an Internet Web site. The
major worm versions are encrypted with semi-polymorphic encryption loop. "
regards,
------------------
andriusd@labas.com
Max Lindner
From MAILER-DAEMON Sat Jan 27 17:17:40 2001
Return-Path: <>
Delivered-To: mlindner@agentur-lindner.de
Received: from webserver.hlg-fuerth.de (unknown [212.204.100.206])
	by www1.agentur-lindner.de (Postfix) with ESMTP id 19EDA111E84
	for ; Sat, 27 Jan 2001 17:17:35 +0100 (CET)
Received: by webserver.hlg-fuerth.de (Postfix) id 9EC366695B;
	Sat, 27 Jan 2001 17:18:42 +0100 (CET)
Delivered-To: webmaster@hlg-fuerth.de
Received: from mout02.kundenserver.de (mout02.kundenserver.de [195.20.224.133])
	by webserver.hlg-fuerth.de (Postfix) with ESMTP id 57F7766959
	for ; Sat, 27 Jan 2001 17:18:36 +0100 (CET)
Received: from [195.20.224.151] (helo=mrelay01.kundenserver.de)
	by mout02.kundenserver.de with esmtp (Exim 2.12 #2)
	id 14MY2y-0003ix-00
	for webmaster@hlg-fuerth.de; Sat, 27 Jan 2001 17:17:52 +0100
Received: from p3ee386f8.dip0.t-ipconnect.de ([62.227.134.248] helo=ayla)
	by mrelay01.kundenserver.de with smtp (Exim 2.12 #2)
	id 14MY2c-0001ga-00
	for webmaster@hlg-fuerth.de; Sat, 27 Jan 2001 17:17:30 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--VE96FW1QV0X2J49MBGHIF0T"
Message-Id:
From: Remote Mail Delivery System <>
Date: Sat, 27 Jan 2001 17:17:30 +0100
Status: RO
X-Status:
X-Keywords:
X-UID: 737
There was no message in it, and it had a quite strong attachment named
'PKCBLMPK.EXE'. Is this malware? Does anyone know this file? I didn't
execute it yet... Is it possible that relay01.kundenserver.de is an open
relay?

Thanks for help and suggestions...

Max

---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribe@suse.com
For additional commands, e-mail: suse-security-help@suse.com
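Added example (not from either poster, and not a tool either of them used): a
small Python triage script for a message like the one quoted above. It walks
the Received: chain back to the hop at which the mail entered the relays,
lists the attachments, and flags the naming pattern the F-Secure text describes
(an 8-capital-letter .EXE such as UKSJHHKW.EXE or PKCBLMPK.EXE). The sample
message is constructed from the headers quoted above, trimmed to the three
relay hops, with the attachment body replaced by a dummy base64 blob and the
first hop's blank "for" field left out. The headers by themselves cannot settle
the open-relay question; they only identify mrelay01.kundenserver.de as the
server that first accepted the mail from the dialup host (bare HELO "ayla",
empty envelope sender), which is the hop one would test.

```python
"""Triage a suspicious mail: walk the Received: chain, list attachments."""
import email
import re

# Constructed sample modelled on the headers quoted in the thread above.
# The attachment payload is a dummy base64 blob (decodes to "MZ..."), not
# the real file.
SAMPLE = """Return-Path: <>
Received: from mout02.kundenserver.de (mout02.kundenserver.de [195.20.224.133])
 by webserver.hlg-fuerth.de (Postfix) with ESMTP id 57F7766959;
 Sat, 27 Jan 2001 17:18:36 +0100 (CET)
Received: from [195.20.224.151] (helo=mrelay01.kundenserver.de)
 by mout02.kundenserver.de with esmtp (Exim 2.12 #2) id 14MY2y-0003ix-00
 for webmaster@hlg-fuerth.de; Sat, 27 Jan 2001 17:17:52 +0100
Received: from p3ee386f8.dip0.t-ipconnect.de ([62.227.134.248] helo=ayla)
 by mrelay01.kundenserver.de with smtp (Exim 2.12 #2) id 14MY2c-0001ga-00
 for webmaster@hlg-fuerth.de; Sat, 27 Jan 2001 17:17:30 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--VE96FW1QV0X2J49MBGHIF0T"
From: Remote Mail Delivery System <>
Date: Sat, 27 Jan 2001 17:17:30 +0100

----VE96FW1QV0X2J49MBGHIF0T
Content-Type: application/octet-stream; name="PKCBLMPK.EXE"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="PKCBLMPK.EXE"

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
----VE96FW1QV0X2J49MBGHIF0T--
"""

# "from <host> (<comment>) by <host>" as written by Postfix and Exim
HOP_RE = re.compile(
    r"^from\s+(?P<host>\S+)(?:\s+\((?P<info>[^)]*)\))?\s+by\s+(?P<by>\S+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Hybris-style attachment name: eight capital letters plus .EXE
RANDOM_EXE_RE = re.compile(r"^[A-Z]{8}\.EXE$")


def parse_hop(value):
    """Parse one Received: header; None for local hand-offs without 'from'."""
    value = " ".join(value.split())  # unfold and squeeze whitespace
    m = HOP_RE.match(value)
    if not m:
        return None
    info = m.group("info") or ""
    ip = IP_RE.search(m.group("host") + " " + info)
    helo = re.search(r"helo=(\S+)", info)
    return {
        "from": m.group("host"),
        "ip": ip.group(1) if ip else None,
        "helo": helo.group(1) if helo else None,
        "by": m.group("by"),
    }


def relay_chain(msg):
    """Hops in travel order: each MTA prepends, so the last header is hop 1."""
    hops = [parse_hop(v) for v in msg.get_all("Received", [])]
    return [h for h in reversed(hops) if h]


def attachments(msg):
    """Filenames of all non-multipart parts that carry a filename."""
    return [p.get_filename() for p in msg.walk()
            if p.get_content_maintype() != "multipart" and p.get_filename()]


def triage(raw):
    """Summarise what the headers and MIME structure of a raw mail show."""
    msg = email.message_from_string(raw)
    chain = relay_chain(msg)
    origin = chain[0] if chain else None
    names = attachments(msg)
    return {
        "empty_envelope_sender": (msg.get("Return-Path") or "").strip() == "<>",
        "hop_count": len(chain),
        "origin": origin,
        # a HELO with no dot ("ayla") is a desktop, not a mail server
        "origin_helo_bare": bool(origin and origin["helo"]
                                 and "." not in origin["helo"]),
        "first_accepting_relay": origin["by"] if origin else None,
        "attachments": names,
        "random_exe_names": [n for n in names if RANDOM_EXE_RE.match(n)],
    }


if __name__ == "__main__":
    for key, val in triage(SAMPLE).items():
        print(f"{key}: {val}")
```

Run against a real mbox entry by reading the message text into triage(); the
Received: parser only understands the "from X (...) by Y" form, so hops
written by other MTAs may need an extra pattern.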