Outlook virus again.

From: Kayne Ian (Softlab) (Ian.Kayneat_private)
Date: Wed Sep 19 2001 - 00:31:25 PDT

Next message: Roelof: "the better worm tutorial"

Previous message: Carolyn Meinel: "wuftpd 2.6.1 advisory/exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Hey all,
> 	I'm having fun with Outlook recently, I'm beginning to wonder if
> there's something funny on my system that needs a rebuild. Anyway,
> attached is an email I received. Very obviously a virus, be careful with
> it. It does some strange behaviour:
> 
> - Opening the message brings up prompts that insinuate the (er?!?) email
> is trying to download something from the net
> - Without opening the email, and doing file-save in Outlook causes some
> corruption of Outlook GUI & bad filenames.
> 
> It's also got part of a reg key in the subject.
> 
> I hexed it, it's got an exe attached to it, and does look a bit wierd. The
> exe doesn't show up as an attachment, but it's there inside the mail.
> 
> What worries me more is this one skipped by the mailscanner it came
> through, the normal viruschecker when saved to hd, and the problem
> happened on both my and a users machine (mine with all the up to date
> patches).
> 
> Just looking for someone to say "Yes it's the old one that came out last
> year", or confirm it's something new... Either way I'll know where I
> stand.
> 
Note: BlueBoar asked me to add a password to the attached zip file, the
password is "outl0ok", thats all lower case, zero for the second o. 

As stolen from someone else: "Outlook not so good" - that Magic 8 Ball knows
everything, I'll ask it about Exchange server next...

> Cheers!
> 
> Ian Kayne
> Technical Specialist - IT Solutions
> Softlab Ltd - A BMW Company
> 
> 
>  <<Nasty.zip>> 
> 
> 
******************************************************************** 
This email and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to whom 
they are addressed. 

If you are not the intended recipient or the person responsible for 
delivering to the intended recipient, be advised that you have received 
this email in error and that any use of the information contained within 
this email or attachments is strictly prohibited. 

Internet communications are not secure and Softlab does not accept 
any legal responsibility for the content of this message. Any opinions 
expressed in the email are those of the individual and not necessarily 
those of the Company. 

If you have received this email in error, or if you are concerned with 
the content of this email please notify the IT helpdesk by telephone 
on +44 (0)121 788 5480. 

********************************************************************

application/octet-stream attachment: Nasty.zip

Next message: Roelof: "the better worm tutorial"
Previous message: Carolyn Meinel: "wuftpd 2.6.1 advisory/exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Sep 19 2001 - 08:24:58 PDT