On Mon, 30 Dec 2002, David Gillett wrote: > So far today, I've received two email messages from > > kbl-zrz2519.zeelandnet.nl [62.238.233.233] > > which, apparently, claimed in its HELO message to *be* > our local MX (which of course was who it was talking TO). > Sounds to me like a bug in the sending software. > > The other thing these messages had in common was a > 33KB .scr ("screen saver") executable attachment. > Norton doesn't recognize this as a known threat, but > I don't want to be the first to learn the hard way what > it does. > > MAYBE this is just ill-conceived and poorly-written > spam. Maybe it's something more serious. Anybody know > one way or the other? > Consider yourself lucky. I received over 3000 over a 24 hour period this weekend. It seems to be spreading more rapidly as of late. Possibly a variant? -- Jonathan Rickman X Corps Security http://www.xcorps.net ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jan 02 2003 - 18:52:52 PST