Re: Possible Trojan/Virus: while.com.

From: Jay D. Dyson (jdysonat_private)
Date: Mon Nov 26 2001 - 10:07:31 PST


    -----BEGIN PGP SIGNED MESSAGE-----
    
    On Mon, 26 Nov 2001, John Sage wrote:
    
    > Just to take one word ("Attune") out of the excerpt, and do a google 
    > search on it, I found:
    <snip> 
    > So, at least "Attune" seems to be one of these wonderful new "helpers" 
    > that run in the background on Window$ boxes, and "help" users...
    
    	Heh.  I totally blew off the verbiage in the body after a cursory
    look brought up prohibitions on reverse-engineering.  Just put my mind
    straight into safe mode.  (Next up: the Dyson Logic DoS...mention anything
    that remotely sounds like DMCA restrictions and *boom*.)  ;)
    
    	Thanks for the follow-up.  From what I'm hearing from other folks,
    it appears that the content of the message body is pseudorandomly culled
    from the contents of the victim's drive; probably from most-recently
    accessed documents (probably \windows\temp or \netscape\cache).
    
    	I understand this beastie matches a couple of different viral
    signatures, though the jury seems to be out on which one it most closely
    matches.  Time will tell, I suppose.
    
    - -Jay
    
       (    (                                                        _______
       ))   ))   .-"There's always time for a good cup of coffee"-.   >====<--.
     C|~~|C|~~| (>----- Jay D. Dyson -- jdysonat_private -----<) |    = |-'
      `--' `--'  `---------- Si vis pacem, para bellum. ----------'  `------'
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Mon Nov 26 2001 - 10:12:26 PST