On Tue, 2004-07-20 at 09:34, Chuqui wrote: > >Animals > > Password:
One of my listserv lists got one of these - and it came from an alias of mine that, literally, had not been used in probably 10 years - it was still an alias that could be used to post to the list. It came from a machine in Vietnam. This almost certainly means that there is a virus out there that is going after list memberships and then getting those responses and forging a posting from one of the addresses it finds that is not shielded and can post to the list. This allows it to bypass the "members only" list posting. The gif is the password - this is used because some of the virus screeners were trying to use every word in the note as a password to unscramble the zip and then, when and if it unscrambled, to then do the signature verification. This is at least partially because people were telling some of their customers that if they really had to send an exe to someone else, to zip it first. This one apparently came from an infected machine at Cornell. Someone said a similar attack was W32Beagle. I have not checked this one. -- Blog: http://majordomo.squawk.com/njs/blog/blogger.html Atom: http://majordomo.squawk.com/njs/blog/atom.xml RSS: http://majordomo.squawk.com/njs/blog/atom.rdf
