Mailinglist Archive: opensuse-security (343 mails)

< Previous Next >
Antwort: [suse-security] Should I be worried about t
  • From: <blum@xxxxxxxxxxxxxxxxx>
  • Date: Wed, 25 Jul 2001 12:47:58 +0100
  • Message-id: <0107259960.AA996058002@xxxxxxxxxxxxxxxxx>
Hi,
last night I received the same eMail with attchement named
healthnetcoveragelist.xls.lnk

.pif and .lnk extensions will never show in windows, unless you make a registry
hack like AlwaysShowExt = ""

The complete mail with base64 coded is 206 KB size, pretty much for a virus !
Did anybody check out what this thingy does ??

mike blum


____________________Antwort-Abtrennung____________________
Betreff: Re: Fwd: [suse-security] Should I be worried about the CodeR
Verfasser: <jdanield@xxxxxxxxx >
Datum: 25.07.2001 09:48

never - never open an attachment you don't wait specifically for !

I receive nearly a virus/trojan each day.

[snip]

jdd

say, just after your message, on my box I got this (I send you only partial
copy):


------6BC6674D_Outlook_Express_message_boundary
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: message text

Hi! How are you=3F

I send you this file in order to have your advice

See you later=2E Thanks

------6BC6674D_Outlook_Express_message_boundary
Content-Type: application/mixed; name=court.doc.pif
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=court.doc.pif

#look at the filename !!!!

TVpQAAIAAAAEAA8A//8AALgAAAAAAAAAQAAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAEAALoQAA4ftAnNIbgBTM0hkJBUaGlzIHByb2dyYW0gbXVzdCBiZSBydW4gdW5k
ZXIgV2luMzINCiQ3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFBFAABMAQgAGV5CKgAA
AAAAAAAA4ACOgQsBAhkAqAEAAGwAAAAAAACkqQEAABAAAADAAQAAAEAAABAAAAACAAABAAAA
AAAAAAQAAAAAAAAAAIACAAAEAAAAAAAAAgAAAAAAEAAAQAAAAAAQAAAQAAAAAAAAEAAAAAAA
AAAAAAAAAPABAK4RAAAAYAIAABgAAAAAAAAAAAAAAAAAAAAAAAAAMAIAOCAAAAAAAAAAAAAA
AAAAAA

--
<http://www.dodin.net> <mailto:jdanield@xxxxxxxxx>
WHO'S THAT GUY ? Help me found it
Russia & South america help needed
http://www.dodin.net/serge/index.html


--
To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
For additional commands, e-mail: suse-security-help@xxxxxxxx





Received: from lists2.suse.com by gl.ssp-consult.de (ccMail Link to SMTP R8.10.00)
; Wed, 25 Jul 2001 09:51:51 +0100
Return-Path: <suse-security-return-8223-blum=gl.ssp-consult.de@xxxxxxxx>
Received: (qmail 7892 invoked by alias); 25 Jul 2001 07:49:03 -0000
Mailing-List: contact suse-security-help@xxxxxxxx; run by ezmlm
Precedence: bulk
X-No-Archive: yes
List-Post: <mailto:suse-security@xxxxxxxx>
List-Help: <mailto:suse-security-help@xxxxxxxx>
List-Unsubscribe: <mailto:suse-security-unsubscribe@xxxxxxxx>
List-Subscribe: <mailto:suse-security-subscribe@xxxxxxxx>
X-Mailinglist: suse-security
Delivered-To: mailing list suse-security@xxxxxxxx
Received: (qmail 7883 invoked from network); 25 Jul 2001 07:49:03 -0000
Content-Type: text/plain;
charset="iso-8859-1"
From: jdd <jdanield@xxxxxxxxx>
Reply-To: jdanield@xxxxxxxxx
To: jfweber@xxxxxxxxxxx, suse-security <suse-security@xxxxxxxx>
Date: Wed, 25 Jul 2001 09:48:04 +0200
X-Mailer: KMail [version 1.2]
References: <E15PEl3-0006ua-00@xxxxxxxxxxxxxxxxxxxxxxxx>
In-Reply-To: <E15PEl3-0006ua-00@xxxxxxxxxxxxxxxxxxxxxxxx>
MIME-Version: 1.0
Message-Id: <01072509451401.01230@mecum>
Content-Transfer-Encoding: 8bit
Subject: Re: Fwd: [suse-security] Should I be worried about the CodeRed Worm?

< Previous Next >
This Thread
Follow Ups