If I have to guess about the mail, I would say it was Magistr virus. In certain circumstances, Magistr mangles the mail it tries to send, making this garbage you received. The Subject and body is taken from a random document on the infected box. It can be anything, from a Word Document to a text file, so the theory that is a RTF file is probably correct. Cheers Fernando -- Fernando Cardoso - Security Consultant WhatEverNet Computing, S.A. Phone : +351 21 7994200 Praca de Alvalade, 6 - Piso 6 Fax : +351 21 7994242 1700-036 Lisboa - Portugal email : fernando.cardosoat_private http://www.whatevernet.com/ > > 1) > > We received an email from someone else with only the following in the > mail: > > ################################################################## > ####################### > <snip> > Sent: Friday, September 28, 2001 3:04 PM > Subject: Be sure to answer. > > \par }\pard \qj\widctlpar{\*\pn \pnlvlcont\pndec }{\fs24\lang2057 > > \par {\pntext\pard\plain\f1 \'b7\tab}}\pard > \qj\fi-283\li283\widctlpar{\*\pn \pnlvlblt\pnf1\pnindent283 > {\pntxtb \'b7}}{\fs24\lang2057 Create a new file. > > \par }\pard \qj\widctlpar{\*\pn \pnlvlcont\pndec }{\fs24\lang2057 > > \par The new command \ldblquote Scan Text\rdblquote has been added to > the \ldblquote File\rdblquote > menu. > > \par > > \par > > \par }{\b\fs30\lang2057 C. Excel 2000 (Office 2000) and Excel 97 (Office > 97) > > \par }{\fs24\lang2057 > > \par Start Excel. > > ################################################################## > ######################## > > My questions are : > > - WTF is this ? or What was it suppose to be ? > - What does the above code try to do ? > > I suppose this couldve just been an accident, I haven't mailed the > sender for his input yet. Just thought I'll add it into the email along > with my other question. > _____________________________________________________________________ INTERNET MAIL FOOTER A presente mensagem pode conter informação considerada confidencial. Se o receptor desta mensagem não for o destinatário indicado, fica expressamente proibido de copiar ou endereçar a mensagem a terceiros. Em tal situação, o receptor deverá destruir a presente mensagem e por gentileza informar o emissor de tal facto. --------------------------------------------------------------------- Privileged or confidential information may be contained in this message. If you are not the addressee indicated in this message, you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. --------------------------------------------------------------------- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Oct 04 2001 - 11:13:10 PDT