Linux virus or forged address?

Tom 'Needs A Hat' Mitchell mitch48 at sbcglobal.net
Mon Apr 12 19:26:09 UTC 2004


On Mon, Apr 12, 2004 at 11:37:37AM -0700, Jonathan Ryshpan wrote:
> 
> I recently received the following bounce message for a message I never
> sent.
> 
> -----Forwarded Message-----
> From: MAILER-DAEMON at admin.thenth.com
....

> This is a multi-part message in MIME format.
....
> 	filename="disco_party.zip"

This is almost certainly a virus that is forging addresses.  The zip file
contains a virus exe file with a name that hides the exe part at the
end of a LONG list of blanks so it looks innocuous.

Delete it!

(or perhaps isolate and encrypt the message so it does not get seen by
Wine/WindowZ and get executed).

Apparently someone on this list has an infected computer and the virus
is pounding its way through all the addresses it can find.  It seems
to be sending fresh copies out to and impersonating any email address
it finds.  In one case the message looks like a bounce but was
targeted at me.

Because of the way the simple mail transport engine works in the virus,
SPAM tools may well notice it as 'trouble'.

Of interest, searches on Symantec and other sites do not find this one yet,
as best I can tell.


-- 
	T o m  M i t c h e l l 
	/dev/null the ultimate in secure storage.
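
The disguise described in the message above (an exe name inside the zip padded with a long run of blanks) can be checked for before an attachment is delivered. This is an added example, not part of the original post; the inner file name, the extension list and the padding threshold are constructed assumptions.

```python
import io
import re
import zipfile

# Extensions Windows will execute directly (assumed, non-exhaustive list).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
# Assumed threshold: this many consecutive whitespace characters count as padding.
MIN_PADDING = 8
PADDING_RE = re.compile(r"\s{%d,}" % MIN_PADDING)
DECOY_EXT_RE = re.compile(r"\.[A-Za-z0-9]{2,4}$")


def suspicious_members(zip_bytes):
    """Return (name, reasons) for each archive member whose name looks disguised."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            base = info.filename.rsplit("/", 1)[-1]
            dot = base.rfind(".")
            ext = base[dot:].lower() if dot != -1 else ""
            if ext not in EXECUTABLE_EXTS:
                continue
            reasons = ["executable extension " + ext]
            if PADDING_RE.search(base):
                reasons.append("whitespace padding before extension")
            # A harmless-looking extension sitting in front of the real one.
            if DECOY_EXT_RE.search(base[:dot].rstrip()):
                reasons.append("double extension")
            findings.append((info.filename, reasons))
    return findings


def build_sample_zip():
    """Constructed sample: harmless text stored under a padded, disguised name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("readme.txt", "plain text")
        archive.writestr("disco_party.txt" + " " * 60 + ".exe", "not a real program")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in suspicious_members(build_sample_zip()):
        # repr() makes the padding visible instead of letting it scroll off screen.
        print(repr(name), "->", "; ".join(reasons))
```

Only member names are inspected, never contents, so the check is safe to run on a quarantined attachment without extracting it.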





More information about the fedora-list mailing list