Great Circle Associates List-Managers
(July 2004)
 


Subject: Re:
From: Nick Simicich <njs @ scifi . squawk . com>
Date: Wed, 21 Jul 2004 00:42:28 -0400
To: Chuqui <chuqui @ plaidworks . com>
Cc: List Managers <list-managers @ greatcircle . com>
In-reply-to: <nakysimvgyypgjmpfar@GreatCircle.COM>
References: <nakysimvgyypgjmpfar@GreatCircle.COM>

On Tue, 2004-07-20 at 09:34, Chuqui wrote:
> >Animals
> 
> Password: 

One of my listserv lists got one of these - and it came from an alias of
mine that, literally, had not been used in probably 10 years - it was
still an alias that could be used to post to the list.

It came from a machine in Vietnam.

This almost certainly means that there is a virus out there that is
going after list memberships and then getting those responses and
forging a posting from one of the addresses it finds that is not
shielded and can post to the list. This allows it to bypass the "members
only" list posting.

The gif is the password - this is used because some of the virus
screeners were trying to use every word in the note as a password to
unscramble the zip and then, when and if it unscrambled, to then do the
signature verification.

This is at least partially because people were telling some of their
customers that if they really had to send an exe to someone else, to zip
it first.

This one apparently came from an infected machine at Cornell.

Someone said a similar attack was W32Beagle.  I have not checked this
one.
-- 
Blog: http://majordomo.squawk.com/njs/blog/blogger.html
Atom: http://majordomo.squawk.com/njs/blog/atom.xml
RSS: http://majordomo.squawk.com/njs/blog/atom.rdf
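
Added example, not part of the message above or of any list software: a list-side check that holds a posting for moderation when it carries a zip whose entries are marked encrypted, without trusting the From header. The function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email.message import EmailMessage

def encrypted_zip_members(data):
    """Names of zip entries whose general-purpose flag bit 0 (encrypted) is set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [i.filename for i in zf.infolist() if i.flag_bits & 0x1]
    except zipfile.BadZipFile:
        return []

def hold_reasons(msg):
    """Reasons to hold a list posting for moderation. The From header is
    deliberately not consulted, because it can be forged."""
    reasons, has_image = [], False
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_maintype() == "image":
            has_image = True
        payload = part.get_payload(decode=True) or b""
        # Sniff by magic bytes: declared type and file name are sender-controlled.
        if payload.startswith(b"PK\x03\x04"):
            names = encrypted_zip_members(payload)
            if names:
                reasons.append("encrypted zip members: " + ", ".join(names))
    if reasons and has_image:
        reasons.append("image part alongside encrypted archive")
    return reasons

def make_sample(encrypted):
    """Constructed sample posting: a tiny zip plus a GIF-typed part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("doc.txt", b"constructed sample data")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Mark the entry encrypted: flag bit 0 in the local header (offset 6)
        # and in the central directory record (offset 8).
        raw[6] |= 1
        raw[raw.index(b"PK\x01\x02") + 8] |= 1
    msg = EmailMessage()
    msg["From"] = "subscriber@example.org"
    msg["Subject"] = "Re:"
    msg.set_content("Password:")
    msg.add_attachment(bytes(raw), maintype="application",
                       subtype="octet-stream", filename="a.zip")
    msg.add_attachment(b"GIF89a", maintype="image", subtype="gif", filename="p.gif")
    return msg
```

The check reads only the zip directory flags, so it needs no password and is unaffected by where the password is hidden.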


