Virus? Trojan?

• Previous message: Greg Barnes: "Re: RPAT - Realtime Proxy Abuse Triangulation"
• In reply to: Greg Barnes: "Re: RPAT - Realtime Proxy Abuse Triangulation"
• Next in thread: Peter Kruse: "Re: Virus? Trojan?"
• Reply: Peter Kruse: "Re: Virus? Trojan?"
• Reply: Nick FitzGerald: "Re: Virus? Trojan?"
• Reply: Eric Kimminau: "Abnormally high Sub-Seven attack rate increase"
• Reply: Jonathan Rickman: "Re: Virus? Trojan?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

  So far today, I've received two email messages from

kbl-zrz2519.zeelandnet.nl [62.238.233.233]

which, apparently, claimed in its HELO message to *be*
our local MX (which of course was who it was talking TO).
Sounds to me like a bug in the sending software.

  The other thing these messages had in common was a 
33KB .scr ("screen saver") executable attachment.
Norton doesn't recognize this as a known threat, but
I don't want to be the first to learn the hard way what
it does.

  MAYBE this is just ill-conceived and poorly-written 
spam.  Maybe it's something more serious.  Anybody know
one way or the other?

David Gillett



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

• Next message: Syzop: "Re: RPAT - Realtime Proxy Abuse Triangulation"
• Previous message: Greg Barnes: "Re: RPAT - Realtime Proxy Abuse Triangulation"
• In reply to: Greg Barnes: "Re: RPAT - Realtime Proxy Abuse Triangulation"
• Next in thread: Peter Kruse: "Re: Virus? Trojan?"
• Reply: Peter Kruse: "Re: Virus? Trojan?"
• Reply: Nick FitzGerald: "Re: Virus? Trojan?"
• Reply: Eric Kimminau: "Abnormally high Sub-Seven attack rate increase"
• Reply: Jonathan Rickman: "Re: Virus? Trojan?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Dec 30 2002 - 16:19:15 PST