RE: strange qmail actions

From: Bojan Zdrnja (Bojan.Zdrnjaat_private)
Date: Fri Jul 13 2001 - 01:46:42 PDT

  • Next message: Valdis.Kletnieksat_private: "Re: SMTP server (How can I find out the real source of an attack)"

    > -----Original Message-----
    > From: Gerrit Scherpenzeel [mailto:n.scherpenzeelat_private]
    > Sent: 12. lipanj 2001 10:17
    > To: incidentsat_private
    > Subject: strange qmail actions
    > ----VEHAROPAJO1A7KLYBGXUN8H
    > Content-Type: application/octet-stream; name="MLJAJCML.EXE"
    > Content-Transfer-Encoding: base64
    > Content-Disposition: attachment; filename="MLJAJCML.EXE"
    >
    > ..]
    >
    > Or something like this.
    >
    > Sounds like a outlook virus to me, but why these strange mail
    > adresses?
    
    This is probably W32/Hybris-C worm, which sends itself with different
    filenames.
    For more information check:
    http://www.sophos.com/virusinfo/analyses/w32hybrisc.html
    
    I happen to receive at least few of these worms each day :/
    
    Regards,
    
    Bojan Zdrnja
    
    
    
    
    
    ----------------------------------------------------------------------------
    
    
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:
    
    http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Fri Jul 13 2001 - 15:43:43 PDT