Re: Fwd: of offending.

From: Luc Pardon (lucpat_private)
Date: Tue Aug 14 2001 - 20:19:56 PDT


      This is probably WM32/Disemboweler/W32/Magistr@mm.
    
      Check the mail headers, the "Return-Path" should be different from the
    "From". To be more precise, the second character of the "Return-Path"
    address should be one up in the alphabet (a -> b,  m -> n etc).
    
      That is, instead of "[name deleted]", you'd see "[mame deleted]" ;-)
    
      Best,
    
      Luc Pardon
      Skopos Consulting
      Belgium
    
    
    
    dep wrote:
    > 
    > just got this; attachment is removed, of course. if anybody wants to
    > take the attachment apart and see if there's yet another rascal out
    > there, please let me know and i'll send it along. the items in
    > brackets were put there by me.
    > 
    > ----------  Forwarded Message  ----------
    > 
    > Subject: of offending.
    > Date: Tue, 14 Aug 2001 22:18:22 +0000
    > From: [name deleted] <[deleted]@[deleted].demon.co.uk>
    > To:
    > 
    > Reasons for committing crime, the gains and losses, the cycle of
    >  change, individual offending cycles and victim issues.  Also
    >  included are the behavioural triangle, the STOP strategy and
    >  exploration of future goals.
    > 
    > [attachment] MSOOBE.EXE [64k]
    > 
    > -------------------------------------------------------
    > --
    > dep
    > 
    > one day, you'll wish it was now.
    > your wish has been granted.
    > don't waste it.
    > 
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management
    > and tracking system please see: http://aris.securityfocus.com
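The header check described in the reply above, as an added example that is not part of the original post: it compares the "From" and "Return-Path" addresses and reports whether they differ only by the second character being one letter up. The sample headers and the example.org/example.net addresses are constructed, and counting the "second character" from the start of the bare address (without the angle brackets) is an assumption.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not taken from the forwarded message).
SAMPLE_SUSPECT = ("From: Alice Example <alice@example.org>\n"
                  "Return-Path: <amice@example.org>\n"
                  "Subject: of offending.\n\n")
SAMPLE_CLEAN = ("From: Alice Example <alice@example.org>\n"
                "Return-Path: <alice@example.org>\n\n")
SAMPLE_LIST = ("From: Alice Example <alice@example.org>\n"
               "Return-Path: <bounce@lists.example.net>\n\n")


def second_char_shifted(from_addr: str, return_path: str) -> bool:
    """True if return_path equals from_addr except that its second
    character is the next letter of the alphabet (a -> b, m -> n)."""
    a, b = from_addr.lower(), return_path.lower()
    if len(a) != len(b) or len(a) < 2:
        return False
    if a[0] != b[0] or a[2:] != b[2:]:
        return False
    # Assumption: a wrap-around from 'z' is not handled; the post does not cover it.
    return "a" <= a[1] <= "y" and ord(b[1]) == ord(a[1]) + 1


def check_headers(raw: str) -> str:
    """Classify the From / Return-Path relationship of one message."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1]
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    if not from_addr or not return_path:
        return "incomplete"   # one of the two headers is missing or empty
    if from_addr.lower() == return_path.lower():
        return "match"        # nothing unusual
    if second_char_shifted(from_addr, return_path):
        return "shifted"      # the pattern described in the reply
    return "different"        # differs in another way, e.g. list bounce address


if __name__ == "__main__":
    for name, raw in [("suspect", SAMPLE_SUSPECT), ("clean", SAMPLE_CLEAN),
                      ("list", SAMPLE_LIST)]:
        print(name, "->", check_headers(raw))
```

Only the "shifted" result corresponds to the pattern in the reply; "different" is common for legitimate mail such as list traffic.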
    
    



    This archive was generated by hypermail 2b30 : Wed Aug 15 2001 - 09:35:39 PDT