Joel wrote:

What are these BMP files coming from this guy?


Well, Craig is not the kind of guy to let a virus run on his machine
very long in the first place, and most viruses these days spoof the
sender, so it's hard to tell where the compromised machine is.

You can look up the IP address of the sender from the SMTP headers included in the mail. It might not give you what you want (the ID of the hacked sucker), but it will give you a basic idea where the guy is.


But, since you ask, I just checked, and the file is only about 3Kb long,
so I scanned it with the anti-virus (nothing) and then took a look at it.

(No double-clicking, of course.)

It looks like a number underlined, maybe intended for use as a graphic
link.

It is a damaged W32/Bagle-Zip virus variant. The functional version sends an encrypted ZIP file with the payload (to disable AV scanners) and a BMP with the code to unlock the ZIP. The code is generated each time the file is sent.


Craig sure seems to be quiet on the users list these days.

Maybe he is on some paradise tropical island, basking in the sun... (sigh).

Nix.
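
The SMTP-header lookup mentioned in the thread, as an added example that is not part of the original message: Received headers are read newest-first, and only the lines stamped by relays you trust are used, since the sender can forge anything below them. The sample message, host names, addresses and the `trusted_hosts` parameter are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample (not from the thread); hosts and addresses are placeholders.
SAMPLE = """\
Received: from mx.example.org (mx.example.org [198.51.100.7])
\tby lists.example.net with ESMTP id abc123; Mon, 1 Mar 2004 10:00:02 +0000
Received: from craig-pc (unknown [203.0.113.45])
\tby mx.example.org with SMTP id def456; Mon, 1 Mar 2004 10:00:01 +0000
Received: from [10.0.0.5] (helo=forged.invalid)
\tby craig-pc with SMTP; Mon, 1 Mar 2004 09:59:59 +0000
Subject: constructed sample

"""

HOP = re.compile(r"from\s+(?P<frm>.*?)\s+by\s+(?P<by>\S+)", re.S)
BRACKETED_IP = re.compile(r"\[([0-9A-Fa-f:.]+)\]")

def parse_hops(raw_message):
    """Return [(by_host, from_ip_or_None), ...], newest hop first."""
    msg = email.message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if not m:
            continue
        ip = None
        found = BRACKETED_IP.search(m.group("frm"))
        if found:
            try:
                ip = ipaddress.ip_address(found.group(1))
            except ValueError:
                pass  # bracketed text that is not an address
        hops.append((m.group("by").lower(), ip))
    return hops

def handoff_ip(raw_message, trusted_hosts):
    """IP that connected to the outermost trusted relay, or None."""
    # Stop at the first 'by' host we do not run or trust: every Received
    # line from there down may have been written by the sender.
    result = None
    for by_host, ip in parse_hops(raw_message):
        if by_host not in trusted_hosts:
            break
        result = ip
    return result
```

With both relays in `trusted_hosts`, the result is the address that handed the message to `mx.example.org`; the `10.0.0.5` line below it is ignored because it was written by an untrusted host.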
