From: Kris K. <kr...@ma...> - 2002-04-01 00:26:10
|
Or more importantly, don't use insecure email clients. If you really have to use Windows, there is a plethora of other mail clients available that are secure. Kris >Hey folks- > >Yesterday, I received a message containing a virus. I didn't examine the >binary payload, but the message style was sort of like W32.BadTrans.B@MM >("empty" body with just an IFRAME that embeds the attachment to try to >get Outlook to execute it). It was also different in the following ways: > >1. long gibberish Subject instead of "Re:": > > > =F3=FB^A^P\234^Oplankeykeydesktopthumbs=CD=F8=D6=B7keykey=D1=F9=C6=B7=D1= =F9=C6=B7=CD=F8=D6=B7thumbsthumbsadressadress=CD=F8=D6=B7adressdesktop=CD=F8= =D6=B7adress=CD=F8=D6=B7desktop=CD=F8=D6=B7=CD=F8=D6=B7=D1=F9=C6=B7desktopth= umbsthumbsadress=D1=F9=C6=B7=D1=F9=C6=B7desktop=CD=F8=D6=B7desktop=D1=F9=C6= =B7thumbs=CD=F8=D6=B7planthumbs > >2. "Slava Pestov <sl...@je...>" as the "From:" header(!). Normally, >W32.BadTrans.B@MM sends itself out with a fake From address or the From >address from the local SMTP settings. This either means that somebody >beside Slava had "Slava Pestov <sl...@je...>" as their From address >in their SMTP settings or that this is a new virus or variant. > >Watch out. |