Re: [MLUG - DISCUSSION] clever virus trick

Email address obfuscation in effect -- please click here to turn it off.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: "MLUG Off-Topic Discussion" <EMAIL:PROTECTED>
Subject: Re: [MLUG - DISCUSSION] clever virus trick
From: "Vern Green" <EMAIL:PROTECTED>
Date: Tue, 2 May 2006 08:09:03 -0700
Delivery-date: Tue, 02 May 2006 09:09:11 -0500
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=W83+qe12dTbsiw5kH6ORt8DmSt1UqWtqUNP3DnrmNTjJZV4ImF8lZTcThGJ17FgHDncYQFypkZNbz4Uq+lf4xaXmAF7/1hiB8yLi+fcpHnvGSqfSncCOVYwgOk3U+zue/gPb9Tsd2IBbp7x2g7LgeOdffaL+sXtc4gUcD2DuP/o=
Envelope-to: EMAIL:PROTECTED
In-reply-to: <EMAIL:PROTECTED>
References: <EMAIL:PROTECTED>
Reply-to: MLUG Off-Topic Discussion <EMAIL:PROTECTED>
Sender: EMAIL:PROTECTED

This is the standard operation for a lot of viruses. Yeah people
finally got smart and stopped running executables, then comes this
fake batch file thing.

Users of all computer systems need to know not to click on
attachments. I don't care if you are on Linux, MacIntosh or Windows,
if you automatically open up every attachment you receive, then you
are going to get a virus.

Coincedentally, I found this article in MacWorld particularly
interesting last night.

http://www.macworld.com/news/2006/05/01/sans/index.php

It looks as if things might start getting a little rocky for Mac users soon.

On 5/2/06, Mike Miller <EMAIL:PROTECTED> wrote:

I received an email with subject "My Best Photo" and an attached file
named Photo.zip.  The email text read as follows:

Hi,
I want to share my photo with you.
Wishing you all the best.

The interesting part is what was in the Photo.zip file:

Archive:  Photo.zip
  inflating: Photo/Photo.bmp
 extracting: Photo/View-Photo.bat

The file View-Photo.bat consisted of one line:

Photo.bmp

The file Photo.bmp was some sort of executable binary file.  When I look
at strings Photo.bmp I see "MS-Outlook" in there, so I think this virus
uses MS Outlook.

Anyway, I guess this means that Windows will execute a file without .exe,
.com or .bat extension if it is called from within a batch file.  People
who receive this thing will try to open the Photo.bmp, but that will fail
because it isn't a proper BMP file, so they will then click the
View-Photo.bat file and they'll be screwed.

Mike

_______________________________________________
discussion mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/discussion

--
Thanks
F Vernon Green

_______________________________________________
discussion mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/discussion

Follow-Ups:
- Re: [MLUG - DISCUSSION] clever virus trick
  - From: "Christian M. Cepel" <EMAIL:PROTECTED>

References:
- [MLUG - DISCUSSION] clever virus trick
  - From: Mike Miller <EMAIL:PROTECTED>

Prev by Date: Re: [MLUG - DISCUSSION] [MLUG][Politics]The great immigration wash-out
Next by Date: Re: [MLUG - DISCUSSION] clever virus trick
Previous by thread: [MLUG - DISCUSSION] clever virus trick
Next by thread: Re: [MLUG - DISCUSSION] clever virus trick
Index(es):
- Date
- Thread