[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Re: New virus?

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] Re: New virus?
From: Sean Earp <smearp@xxxxxxx>
Date: Fri, 19 Sep 2003 12:31:53 -0700

To quote the Symantec write-up (FWIW they have some great screen shots of the virus email and installation/infection) at <http://www.sarc.com/avcenter/venc/data/w32.swen.a@xxxxxxx>

"The worm can also impersonate mail delivery failure notices, attaching itself as a randomly named executable.

One example is:

I'm sorry I wasn't able to deliver your message to one or more destinations."

On Friday, September 19, 2003, at 09:00 AM, full-disclosure-request@xxxxxxxxxxxxxxxx wrote:

Yes, it's swan virus.
--
Eero
If you meant swen, this doesn't look like swen. Nothing mentioning
micro$oft
The test of the email is :
Hi.
I'm sorry to have to inform you that I wasn't able to deliver your
message to the following addresses:
Undelivered message to rlfblncx@xxxxxxxxxxx


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: [Full-Disclosure] idea
Next by Date: [Full-Disclosure] Re: Verisign abusing .COM/.NET monopoly
Previous by thread: Re: [Full-Disclosure] idea (quite a bit off-topic, but....)
Next by thread: [Full-Disclosure] Re: Verisign abusing .COM/.NET monopoly
Index(es):
- Date
- Thread