MLUG: Re: [MLUG - DISCUSSION] clever virus trick
I was actually getting some pretty clever ones from <someadmintypename> @greeblesnort.com (which I own) stating my email had been used for something bad and please use the enclosed instructions (looks like a zip file) to correct it. Obviously, I wasn't sending them to myself, so it was not quite as clever, but the .zip was actually a .zip<many spaces>.pif

Rick

Mike Miller wrote:
I received an email with subject "My Best Photo" and an attached file named Photo.zip. The email text read as follows:

Hi,
I want to share my photo with you.
Wishing you all the best.

The interesting part is what was in the Photo.zip file:

Archive:  Photo.zip
  inflating: Photo/Photo.bmp
 extracting: Photo/View-Photo.bat

The file View-Photo.bat consisted of one line:

Photo.bmp

The file Photo.bmp was some sort of executable binary file. When I look at strings Photo.bmp I see "MS-Outlook" in there, so I think this virus uses MS Outlook.

Anyway, I guess this means that Windows will execute a file without .exe, .com or .bat extension if it is called from within a batch file. People who receive this thing will try to open the Photo.bmp, but that will fail because it isn't a proper BMP file, so they will then click the View-Photo.bat file and they'll be screwed.

Mike


--
We simply can't idiot-proof everything. Sometimes the idiots just have to suffer and die.
--http://www.overheardintheoffice.com/
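
Added example, not part of either message above: a mail-filter style check in Python for the two disguises described in the thread, an attachment name with a whitespace-padded real extension and an archive whose "image" member begins with the DOS/PE "MZ" signature next to a batch file that names it. The function names, the extension lists and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Extensions Windows treats as runnable (partial list chosen for this example).
RUNNABLE = {".exe", ".com", ".bat", ".cmd", ".pif", ".scr"}
IMAGE = {".bmp", ".jpg", ".gif", ".png"}
# A short extension, a run of whitespace, then the real extension.
PADDED = re.compile(r"\.\w{1,4}\s{2,}\.(\w{1,4})$")

def ext(name):
    """Lower-cased final extension including the dot ('' if none)."""
    base = name.rsplit("/", 1)[-1]
    return "." + base.rsplit(".", 1)[1].lower() if "." in base else ""

def padded_ext(name):
    """True for names like 'fix.zip<many spaces>.pif'."""
    m = PADDED.search(name)
    return bool(m) and "." + m.group(1).lower() in RUNNABLE

def audit_zip(data):
    """Return sorted (member, finding) pairs for a zip passed as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [n.rsplit("/", 1)[-1].lower() for n in zf.namelist()]
        for info in zf.infolist():
            body = zf.read(info)
            if padded_ext(info.filename):
                findings.append((info.filename, "padded-extension"))
            # DOS/PE executables start with "MZ"; a real BMP starts with "BM".
            if ext(info.filename) in IMAGE and body[:2] == b"MZ":
                findings.append((info.filename, "executable-as-image"))
            if ext(info.filename) in {".bat", ".cmd"}:
                findings.append((info.filename, "script"))
                text = body.decode("latin-1").lower()
                if any(n and n in text for n in names if ext(n) in IMAGE):
                    findings.append((info.filename, "script-references-image"))
    return sorted(findings)

def sample_zip():
    """Constructed sample mirroring the listing in the thread (inert bytes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Photo/Photo.bmp", b"MZ" + b"\x00" * 62)
        zf.writestr("Photo/View-Photo.bat", b"Photo.bmp\r\n")
    return buf.getvalue()

if __name__ == "__main__":
    print(audit_zip(sample_zip()))
```

Any single finding is reason enough to quarantine the attachment before it reaches a mailbox.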

