My email server has received about 200 of a certain message since 8:30 AM PDT.
The Subject line is merely "1", the forged mailfrom is approximately the first 8 characters of the target address plus a forged domain. There is an attachment called "1.txt" and a message text body that begins on a new line "ICA=" plus three characters, the first one of which may be low-bit ASCII and the second two are high-bit.

The sources include zombie networks, normal mail servers, and bounced messages from normal servers. I've sent a bunch of samples to the usual spam@ address and thought I'd make a more general posting here. My guess is that it's a new worm, and that it's broken.

Incidentally, I don't think this is related to a current spam campaign in which the Subject: line includes a number inside of square brackets. I just thought I'd head off that distraction.

Andrew 8)

This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
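
The traits listed in the message above, written as a check over a parsed message. This is an added example, not part of the original post or of Message Sniffer; the sample messages, the addresses, and the 6-to-10-character reading of "approximately the first 8 characters" are constructed assumptions.

```python
from email import message_from_bytes, policy

def traits(raw: bytes, rcpt: str, mailfrom: str) -> set:
    """Return which of the traits described in the post this message shows."""
    msg = message_from_bytes(raw, policy=policy.default)
    found = set()
    if str(msg.get("Subject", "")).strip() == "1":
        found.add("subject")
    if any(p.get_filename() == "1.txt" for p in msg.walk()):
        found.add("attachment")
    # get_body() skips parts marked as attachments, so 1.txt is not the body.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    first = next((ln for ln in text.splitlines() if ln.strip()), "")
    tail = first[4:7]  # the three characters after "ICA="
    if (first.startswith("ICA=") and len(tail) == 3
            and all(ord(c) > 0x7F for c in tail[1:])):
        found.add("body")
    # Envelope sender: a prefix of the recipient address on a different domain.
    # The 6..10 length window is an assumed tolerance for "approximately 8".
    local, _, domain = mailfrom.lower().partition("@")
    to = rcpt.lower()
    if 6 <= len(local) <= 10 and to.startswith(local) and not to.endswith("@" + domain):
        found.add("mailfrom")
    return found

# Constructed sample carrying all four traits (not a captured message).
SAMPLE = (
    b"From: andrew.s@forged.example\r\n"
    b"To: andrew.smith@example.org\r\n"
    b"Subject: 1\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b"\r\n\r\n'
    b"--b\r\n"
    b"Content-Type: text/plain; charset=iso-8859-1\r\n"
    b"Content-Transfer-Encoding: 8bit\r\n\r\n"
    b"\r\nICA=x\xe9\xe8\r\n"
    b"--b\r\n"
    b'Content-Disposition: attachment; filename="1.txt"\r\n'
    b'Content-Type: text/plain; name="1.txt"\r\n\r\n'
    b"placeholder\r\n"
    b"--b--\r\n"
)
# Constructed ordinary message that only shares the one-character subject.
BENIGN = b"From: bob@example.net\r\nSubject: 1\r\n\r\nhello\r\n"

if __name__ == "__main__":
    print(sorted(traits(SAMPLE, "andrew.smith@example.org", "andrew.s@forged.example")))
    print(sorted(traits(BENIGN, "andrew.smith@example.org", "bob@example.net")))
```

A subject of "1" alone also matches ordinary mail, so a filter built on this would require the attachment and body traits together before acting.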
