Re: attachment; filename="photo1.jpg.pif"

From: Zora Monster (Zoramonat_private)
Date: Tue Apr 24 2001 - 10:38:14 PDT

Next message: Alfred Huger: "Vacation Troller, Ignore."

Previous message: Hugo van der Kooij: "Re: Increase in Sun RPC Scans"
In reply to: Dzzie Z: "attachment; filename="photo1.jpg.pif""
Next in thread: Brad Griffin: "Re: attachment; filename="photo1.jpg.pif""
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

According to Symantec, this is the W32.Stator@mm worm.  Info can be found at
http://www.symantec.com/avcenter/venc/data/w32.statorat_private

Zora

> hey guys
> 
> today I got a this mail and was wondering if anyone else
> on the lists here have gotten a similar one.
> 
> I dont have the font installed for the (presumably)
> russian txt but I find it pretty unlikely that a plain ole
> spammer would be using tricks like "photo1.jpg.pif"
> 
> i peeked at the unencoded binary (60k) file, and the headers
> definatly dont look like any of the other pif file on my
> system, and they dont quite look like a c++ file either.
> I dunno. glad for text only mailers though : )
> 
> anyone else seen this m/o ?
> 
> contact me off list if you want
> the mimed file.
> 
> 
> +OK 87078 octets
> X-Apparently-To: dzzieat_private via web11102
> X-Track: 10: 40
> Received: from mx5.port.ru  (EHLO smtp5.port.ru) (194.67.23.40)
> by mta495.mail.yahoo.com with SMTP; 23 Apr 2001 22:11:39 -0700 (PDT)
> Received: from [212.96.196.64] (helo=smtp.mail.ru)
> by smtp5.port.ru with smtp (Exim 3.14 #3)
> id 14rv68-000EK9-00
> for dzzieat_private; Tue, 24 Apr 2001 09:10:49 +0400
> Received: from 2-193.dialup.comset.net (2-193.dialup.comset.net
> [213.172.2.193])
> by smtp.mail.ru (8.11.1/8.11.1) with ESMTP
> From: Света Ковалева <bipwdkrat_private>
> X-Mailer: The Bat! (v1.42f)
> X-Priority: 3 (Normal)
> To: <dzzieat_private>
> Subject: Привет!!!
> Mime-Version: 1.0
> Content-Type: multipart/mixed; boundary="----------6D16C1DFC68B15F"
> Message-Id: <E14rv68-000EK9-00at_private>
> Date: Tue, 24 Apr 2001 09:10:49 +0400
> 
> ------------6D16C1DFC68B15F
> Content-Type: text/plain; charset=koi8-r
> Content-Transfer-Encoding: 8bit
> 
> Привет!
> Твой  адрес мне дал один наш общий друг ( первый адрес , который ему пришел в
> голову).
> Я недавно в интернете и только что получила этот почтовый ящик!
> Так что я первый раз пишу электронное письмо!!!
> Он сказал что если у меня возникнут вопросы, то я могу спрашивать у тебя...
> Я довольно симпатичная и общительная.
> (можешь на фото посмотреть)
> Жду ответа от тебя!!!
> Напиши немного себе и то что ты хочешь знать обо мне.
> Пока! Пока!
> :)))))))))
> ------------6D16C1DFC68B15F
> Content-Type: application/octet-stream; name="photo1.jpg.pif"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment; filename="photo1.jpg.pif"

Next message: Alfred Huger: "Vacation Troller, Ignore."
Previous message: Hugo van der Kooij: "Re: Increase in Sun RPC Scans"
In reply to: Dzzie Z: "attachment; filename="photo1.jpg.pif""
Next in thread: Brad Griffin: "Re: attachment; filename="photo1.jpg.pif""
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Apr 24 2001 - 12:00:23 PDT