[Esd-l] I don't like the looks of this one

[John D. Hardin]

On Mon, 29 Oct 2001, Brett Glass wrote:

> What sort of attack is this?
> 
> --Brett
> 
> Trapped excessively long header:
> Subject: -tgnlogontgnlogondesktopsampledesktopdesktopgics_mapdesktoptgnlogongics_mapgics_maptgnlogontgnlogontgnlogondesktopdesktopgics_maptgn-doc-downloadgics_maptgn-doc-downloadtgnlogontgn-doc-downloadsamplesampletgn-doc-downloadgics_mapsampledesktopgics_maptgnlmx.lariat.org.tgnlogon
> 
> STATUS: Header truncated.

That looks like the BO-autorun-email-attack portion of Nimda.

--
 John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
 jhardin at impsec.org        pgpk -a finger://gonzo.wolfenet.com/jhardin
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  Mary had a little key
  she kept it in escrow
  and everything that Mary sent
  the feds were sure to know         -- Andy Starritt, in sci.crypt
-----------------------------------------------------------------------
   Tomorrow: Halloween