[Esa-l] Magistr worm defanged but not caught
Floyd Pierce
floydp at boxusa.com
Wed Aug 22 13:55:31 PDT 2001
I have one for you if you want.....
Mime boundary:
>-----=_NextPart_000_00BA_01AC2B89.073B89A0
>Content-Type: application/octet-stream; name="OEMRNCE.23798DEFANGED-EXE"
>Content-Transfer-Encoding: base64
--
Floyd Pierce | Director of Information Technology
Phone 847-790-2830 (IL) | Box USA
Phone 817-783-2355 (TX) | floydp at boxusa.com
Fax 847-790-2880 | floyd at floydbob.com
> -----Original Message-----
> From: esa-l-admin at spconnect.com [mailto:esa-l-admin at spconnect.com]On
> Behalf Of Brett Glass
> Sent: Wednesday, August 22, 2001 3:00 PM
> To: John D. Hardin
> Cc: esa-l at spconnect.com
> Subject: Re: [Esa-l] Magistr worm defanged but not caught
>
>
> At 01:46 PM 8/22/2001, John D. Hardin wrote:
>
> >Brent, you have a sample. Can you give us a minimum size and a Base64
> >signature like we have for Sircam?
>
> I don't have enough samples of the worm to be able to tell
> what varies from copy to copy. Do other folks on the list
> have captured copies we can use for comparison? I'm hoping that
> there's something simple that's constant, such as the MIME boundary
> string....
>
> --Brett
> _______________________________________________
> E-mail Security Announce list mailing list
> E-mail Security Announce list at spconnect.com
> http://www.spconnect.com/mailman/listinfo/esa-l
More information about the esd-l
mailing list