On Mon, 30 Dec 2002, David Gillett wrote:
> So far today, I've received two email messages from
>
> kbl-zrz2519.zeelandnet.nl [62.238.233.233]
>
> which, apparently, claimed in its HELO message to *be*
> our local MX (which of course was who it was talking TO).
> Sounds to me like a bug in the sending software.
>
> The other thing these messages had in common was a
> 33KB .scr ("screen saver") executable attachment.
> Norton doesn't recognize this as a known threat, but
> I don't want to be the first to learn the hard way what
> it does.
>
> MAYBE this is just ill-conceived and poorly-written
> spam. Maybe it's something more serious. Anybody know
> one way or the other?
>
Consider yourself lucky. I received over 3000 over a 24 hour period this
weekend. It seems to be spreading more rapidly as of late. Possibly a
variant?
--
Jonathan Rickman
X Corps Security
http://www.xcorps.net
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jan 02 2003 - 18:52:52 PST