Royce Williams wrote: > Our customer base got hit today with a virus that slipped through > via some wily obfuscation that I hadn't seen before. What it does, > in a nutshell, is a base64-encoded .hta file that has VBScript in it > to convert a long string of hex into a binary, store it in your > system32 directory, and run it.
What was the (possibly HTML) text of the message itself (aside from the virus content)? Several customers here reported seeing a message that claimed to be from our (old) billing department, noting that if they did not open the attachment their Internet service would be disconnected within 24 hours. Yesterday one of these got quarantined on the filter server here because clamav tagged the virus (Trojan.VBS.Inor.U). Another few have been quarantined since I checked yesterday; I wanted to see roughly how many of these would show up. -kgd -- "Sendmail administration is not black magic. There are legitimate technical reasons why it requires the sacrificing of a live chicken." - Unknown _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang