[Esd-l] Hrmm. executable file in content-type audio/x-wav
plchoy at income.com.sg
Mon Nov 12 18:31:01 PST 2001
They managed to be going thru leaked poisoned list, and infecting users' PCs
and overwriting command.com, and replacing them with command.pif, until
users' PCs can't boot up.
----- Original Message -----
From: "Philip Choy" <plchoy at income.com.sg>
To: <Esd-l at spconnect.com>
Sent: 12-Nov-2001 11:28 AM
Subject: Re: [Esd-l] Hrmm. executable file in content-type audio/x-wav comes
> Here is one more entire mime with truncated attached file - last time
> there is more variants.. though unlikely. This pif file of 65.7kB came
> the poisoned list containing *.pif.
> Received: from interscan.cyberquote.com.sg (smtp.cyberquote.com.sg
> by phillip.com.sg (8.12.0.Beta16/8.12.0.Beta16) with SMTP id
> for <plchoy at income.com.sg>; Mon, 12 Nov 2001 10:39:21 +0800
> Date: Mon, 12 Nov 2001 10:39:21 +0800
> Message-Id: <200111120239.fAC2dLxc011564 at phillip.com.sg>
> Received: from 10.88.94.87 by interscan.cyberquote.com.sg (InterScan
> VirusWall NT); Mon, 12 Nov 2001 10:42:10 +0800
> From: och at phillip.com.sg
> Subject: We want peace
> MIME-Version: 1.0
> X-Security: MIME headers sanitized on mail
> See http://www.impsec.org/email-tools/procmail-security.html
> for details. $Revision: 1.130 $Date: 2001-09-08 11:40:29-07
> Content-Type: multipart/mixed;
> Content-Type: multipart/alternative;
> Content-Type: text/html;
> Content-Transfer-Encoding: quoted-printable
> <DEFANGED_iframe src=3Dcid:V550s78E height=3D0 width=3D0>
> I'm sorry to do so,but it's helpless to say sorry.
> I want a good job,I must support my parents.
> Now you have seen my technical capabilities.
> How much my year-salary now? NO more than $5,500.
> What do you think of this fact?
> Don't call my names,I have no hostility.
> Can you help me?
> Content-Type: audio/x-wav;
> Content-Transfer-Encoding: base64
> Content-ID: <V550s78E>
> [ Trucated frm 65.7k junk file ]
> ----- Original Message -----
> From: "John D. Hardin" <jhardin at impsec.org>
> To: "Philip Choy" <plchoy at income.com.sg>
> Cc: <Esd-l at spconnect.com>
> Sent: 11-Nov-2001 2:14 AM
> Subject: Re: [Esd-l] Hrmm. executable file in content-type audio/x-wav
> > On Fri, 9 Nov 2001, Philip Choy wrote:
> > > Content-Type: audio/x-wav; name=Vlusg.exe
> > > Content-Transfer-Encoding: base64
> > > Content-ID: <R0uIhO598>
> > >
> > > Hello. To my surprise, this executable file manages to go thru the
> > > banned list. *.exe is in the poisoned list and exe is in mangle
> > > list too. And, i m using the current version 1.1.130.
> > >
> > > Any solution?
> > Are those *all* of the MIME headers for that attachment?
> > --
> > John Hardin KA7OHZ ICQ#15735746 http://www.wolfenet.com/~jhardin/
> Esd-l mailing list
> Esd-l at spconnect.com
More information about the esd-l