Slight correction,

That is, instead of "[name deleted]", you'd see "[mame deleted]"

should be

That is, instead of "[name deleted]", you'd see "[nbme deleted]"

Also magistr does *not* always increment the second character of the return path. This is based on the ones we have had detected by McAfee (about 500) as magistr. We autoreply to the sender and they were bouncing, that is how we found out about the feature. Till a few weeks ago McAfee had still not detailed this feature of Magistr.

regards
Dean

-----Original Message-----
From: Luc Pardon [mailto:lucpat_private]
Sent: Wednesday, 15 August 2001 3:20 p.m.
To: dep
Cc: 'incidentsat_private'
Subject: Re: Fwd: of offending.

This is probably WM32/Disemboweler/W32/Magistr@mm.

Check the mail headers, the "Return-Path" should be different from the "From". To be more precise, the second character of the "Return-Path" address should be one up in the alphabet (a -> b, m -> n etc).

That is, instead of "[name deleted]", you'd see "[mame deleted]" ;-)

Best,

Luc Pardon
Skopos Consulting
Belgium

dep wrote:
>
> just got this; attachment is removed, of course. if anybody wants to
> take the attachment apart and see if there's yet another rascal out
> there, please let me know and i'll send it along. the items in
> brackets were put there by me.
>
> ---------- Forwarded Message ----------
>
> Subject: of offending.
> Date: Tue, 14 Aug 2001 22:18:22 +0000
> From: [name deleted] <[deleted]@[deleted].demon.co.uk>
> To:
>
> Reasons for committing crime, the gains and losses, the cycle of
> change, individual offending cycles and victim issues. Also
> included are the behavioural triangle, the STOP strategy and
> exploration of future goals.
>
> [attachment] MSOOBE.EXE [64k]
>
> -------------------------------------------------------
> --
> dep
>
> one day, you'll wish it was now.
> your wish has been granted.
> don't waste it.
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com

***************************************************
This e-mail is not an official statement of the Waikato Regional Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***************************************************
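Added example, not part of the original thread: a header check for the indicator discussed above, where the "Return-Path" equals the "From" address except that its second character is one letter further along the alphabet. The addresses and sample messages are constructed, the function names are hypothetical, and the z wrap-around case is not described in the thread, so it is left unmatched.

```python
from email import message_from_string
from email.utils import parseaddr


def second_char_incremented(from_addr, return_path):
    """True when return_path is from_addr with only its second
    character moved one letter up the alphabet (a -> b, m -> n)."""
    a, b = from_addr.lower(), return_path.lower()
    if len(a) != len(b) or len(a) < 2:
        return False
    if a[0] != b[0] or a[2:] != b[2:]:
        return False  # something other than the second character changed
    if not (a[1].isascii() and a[1].isalpha() and b[1].isalpha()):
        return False  # z wrap-around is not covered by the thread
    return ord(b[1]) - ord(a[1]) == 1


def check_message(raw):
    """Classify one raw message by comparing From and Return-Path."""
    msg = message_from_string(raw)
    _, from_addr = parseaddr(msg.get("From", ""))
    _, rpath = parseaddr(msg.get("Return-Path", ""))
    if not from_addr or not rpath:
        return "no-data"
    if second_char_incremented(from_addr, rpath):
        return "suspect"  # matches the pattern described in the thread
    # A plain mismatch is normal for list mail and is not an indicator.
    # Per the reply above, the increment is not always applied, so
    # "match" does not clear a message either.
    return "match" if from_addr.lower() == rpath.lower() else "differs"


def _sample(from_hdr, rpath_hdr):
    # Constructed sample message; all addresses are placeholders.
    return "\n".join([
        "Return-Path: " + rpath_hdr,
        "From: " + from_hdr,
        "Subject: constructed sample",
        "",
        "body",
    ])


SUSPECT = _sample("Some Name <name@example.org>", "<nbme@example.org>")
CLEAN = _sample("Some Name <name@example.org>", "<name@example.org>")
LIST_MAIL = _sample("Some Name <name@example.org>", "<bounces@lists.example.org>")

if __name__ == "__main__":
    for label, raw in [("suspect", SUSPECT), ("clean", CLEAN), ("list", LIST_MAIL)]:
        print(label, "->", check_message(raw))
```

Because autoreplies go to the altered address and bounce, as described above, a hit from this check also explains the bounce and gives the address the sender actually used.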
This archive was generated by hypermail 2b30 : Wed Aug 15 2001 - 14:55:13 PDT