[ale] brochure 2000=VIRUS

phrostie pfrostie at yahoo.com
Tue Jul 24 18:35:50 EDT 2001


been there, got one, but mine was called "rolodex.doc.bat"



On Tuesday 24 July 2001 03:45, you wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> There is a Windows email virus that seems to have started spreading
> again Monday, July 23, 2001.  Note the subject of "2000 brochure".
> Don't even think about opening this email on a Windows system.  Just
> delete it and notify your SysAdmin.
>
> > It's the W32/SirCam virus
> >
> > I've gotten about 5 copies today.
> >
> > Nasty - wipes your hard drive, sends itself to many people
> > in your address book.
> >
> >
> > -----Original Message-----
> > From: Bob Toxen at cavu.com [mailto:bob at cavu.com]
> > Sent: Tuesday, July 24, 2001 12:50 AM
> > Subject: Email virus at XXX
> >
> >
> > I just got the following email from a company that a friend works at.
> > I suspect that it is a virus and left him voice mail at work and email
> > at home.  You may recognize it (I don't but I'm behind in my Winbloz
> > vulnerability worrying) or it may be new.
> >
> > XXX,
> >
> > I received the following email that may have been from you.  (I don't
> > know anyone else at XXX.)
> >
> > It looks suspiciously like an email virus, in which case the sending
> > system has been compromised and needs repair.  This probably means saving
> > any recent data, restoring from backup, carefully re-adding the recent
> > data without adding the compromise, and then installing all applicable
> > security patches.
> >
> > I do this for a living for Linux and Unix systems but not Windows or NT
> > systems.  I may be able to recommend a friend who does, however.
> >
> > The following is how the email starts off (I've edited out any possible
> > virus):
> > > From: "XXX Company"<XXX at mindspring.com>
> > > To: bob at cavu.com
> > > Subject: 2000 brochure
> > > date: Mon, 23 Jul 2001 23:14:56 -0500
> > > Content-Disposition: Multipart message
> > >
> > > ------25E92E9C_Outlook_Express_message_boundary
> > > Content-Type: text/plain; charset=ISO-8859-1
> > > Content-Transfer-Encoding: quoted-printable
> > > Content-Disposition: message text
> > >
> > > Hi! How are you=3F
> > >
> > > I send you this file in order to have your advice
> > >
> > > See you later=2E Thanks
> > >
> > > ------25E92E9C_Outlook_Express_message_boundary
> > > Content-Type: application/mixed; name="2000 brochure.doc.pif"
> > > Content-Transfer-Encoding: base64
> > > Content-Disposition: attachment;  filename="2000 brochure.doc.pif"
> > >
> > > TVpQAAIAAAAEAA8A//8AALgAAAAAAAAAQAAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> > > AAAAAAAAAAEAALoQAA4ftAnNIbgBTM0hkJBUaGlzIHByb2dyYW0gbXVzdCBiZSBydW4gdW5k
> > > ZXIgV2luMzINCiQ3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
>
> Bob Toxen, CTO
> Fly-By-Day Consulting, Inc.           "Experts in Linux & UNIX security"
> +1 770-662-8321 Office
> +1 404-216-51oo Cell 24x7
> bob at cavu.com
> http://www.cavu.com                   [Linux & UNIX Consulting]
> http://www.realworldlinuxsecurity.com [My 5* book: Real World Linux Security]
> http://www.cavu.com/sunset.html       [Sunset Computer]
> Quality Linux & UNIX security and software consulting since 1990.
>
> GPG Public key available at http://www.cavu.com/pubkey.txt (book at cavu.com)
>   and at http://pgp5.ai.mit.edu/pks-commands.html#extract
> pub  1024D/E3A1C540 2000-06-21 Bob Toxen <book at cavu.com>
>      Key fingerprint = 30BA AA0A 31DD B68B 47C9  601E 96D3 533D E3A1 C540
> sub  2048g/03FFCCB9 2000-06-21
> From: "Mike O'Shaughnessy" <mikeo at cmpsolv.com>
> To: "Bob Toxen at cavu.com" <bob at cavu.com>
> Subject: RE: Email virus at XXX
> Date: Tue, 24 Jul 2001 02:04:18 -0400
>
> It's the W32/SirCam virus
>
> I've gotten about 5 copies today.
>
> Nasty - wipes your hard drive, sends itself to many people
> in your address book.
>
>
> - - -----Original Message-----
> From: Bob Toxen at cavu.com [mailto:bob at cavu.com]
> Sent: Tuesday, July 24, 2001 12:50 AM
> To: mikeo at cmpsolv.com; ozy at applianceware.com
> Subject: Email virus at XXX
>
>
> I just got the following email from a company that a friend works at.
> I suspect that it is a virus and left him voice mail at work and email
> at home.  You may recognize it (I don't but I'm behind in my Winbloz
> vulnerability worrying) or it may be new.
>
> XXX,
>
> I received the following email that may have been from you.  (I don't
> know anyone else at XXX.)
>
> It looks suspiciously like an email virus, in which case the sending
> system has been compromised and needs repair.  This probably means saving
> any recent data, restoring from backup, carefully re-adding the recent
> data without adding the compromise, and then installing all applicable
> security patches.
>
> I do this for a living for Linux and Unix systems but not Windows or NT
> systems.  I may be able to recommend a friend who does, however.
>
> The following is how the email starts off (I've edited out any possible
> virus):
> > From: "XXX Company"<XXX at mindspring.com>
> > To: bob at cavu.com
> > Subject: 2000 brochure
> > date: Mon, 23 Jul 2001 23:14:56 -0500
> > Content-Disposition: Multipart message
> >
> > ------25E92E9C_Outlook_Express_message_boundary
> > Content-Type: text/plain; charset=ISO-8859-1
> > Content-Transfer-Encoding: quoted-printable
> > Content-Disposition: message text
> >
> > Hi! How are you=3F
> >
> > I send you this file in order to have your advice
> >
> > See you later=2E Thanks
> >
> > ------25E92E9C_Outlook_Express_message_boundary
> > Content-Type: application/mixed; name="2000 brochure.doc.pif"
> > Content-Transfer-Encoding: base64
> > Content-Disposition: attachment;  filename="2000 brochure.doc.pif"
> >
> > TVpQAAIAAAAEAA8A//8AALgAAAAAAAAAQAAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> > AAAAAAAAAAEAALoQAA4ftAnNIbgBTM0hkJBUaGlzIHByb2dyYW0gbXVzdCBiZSBydW4gdW5k
> > ZXIgV2luMzINCiQ3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
>
> Bob Toxen, CTO
> Fly-By-Day Consulting, Inc.           "Experts in Linux & UNIX security"
> +1 770-662-8321 Office
> +1 404-216-5100 Cell 24x7
> bob at cavu.com
> http://www.cavu.com                   [Linux & UNIX Consulting]
> http://www.realworldlinuxsecurity.com [My 5* book: Real World Linux Security]
> http://www.cavu.com/sunset.html       [Sunset Computer]
> Quality Linux & UNIX security and software consulting since 1990.
>
> GPG Public key available at http://www.cavu.com/pubkey.txt (book at cavu.com)
>   and at http://pgp5.ai.mit.edu/pks-commands.html#extract
> pub  1024D/E3A1C540 2000-06-21 Bob Toxen <book at cavu.com>
>      Key fingerprint = 30BA AA0A 31DD B68B 47C9  601E 96D3 533D E3A1 C540
> sub  2048g/03FFCCB9 2000-06-21
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
>
> iD8DBQE7XSUZltNTPeOhxUARAj1lAJ4icXf+c7bMJOVV/xUe4twNwLwl/wCgnX65
> r3oEcoTSUDLC5PEiXYLDJd0=
> =nWnt
> -----END PGP SIGNATURE-----
>
> Bob Toxen
> transam at cavu.com                       [Bob's ALE Bulk email]
> bob at cavu.com                           [Please use for email to me]
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
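
As an added example (not part of the original thread): a minimal Python check a mail gateway could apply to the pattern quoted above, flagging a document-looking name with an executable final extension (`2000 brochure.doc.pif`, `rolodex.doc.bat`) and a decoded payload that starts with the `MZ` executable magic. The extension lists, function names and the well-formed sample message are assumptions constructed for illustration; the base64 fragment is the first 32 characters of the payload quoted in the post.

```python
import email
import os
from email import policy

# Assumed lists for illustration; tune them for your own gateway policy.
EXECUTABLE_EXTS = {".pif", ".bat", ".exe", ".scr", ".com", ".cmd", ".vbs", ".lnk"}
DECOY_EXTS = {".doc", ".xls", ".txt", ".jpg", ".gif", ".zip", ".pdf"}

def check_attachment(filename, payload):
    """Return findings for one attachment name and its decoded bytes."""
    findings = []
    stem, last = os.path.splitext(filename.lower())
    inner = os.path.splitext(stem)[1]
    if last in EXECUTABLE_EXTS:
        # "brochure.doc.pif" shows as "brochure.doc" when extensions are hidden.
        findings.append("double-extension" if inner in DECOY_EXTS
                        else "executable-extension")
    if payload[:2] == b"MZ":  # DOS/PE executable magic, whatever the name says
        findings.append("mz-header")
    return findings

def scan_message(raw):
    """Map each attachment filename in a raw RFC 822 message to its findings."""
    msg = email.message_from_string(raw, policy=policy.default)
    results = {}
    for part in msg.walk():
        name = part.get_filename()
        if name:
            body = part.get_payload(decode=True) or b""
            results[name] = check_attachment(name, body)
    return results

# Constructed sample: well-formed MIME modelled on the quoted headers.
SAMPLE = (
    'From: "XXX Company" <sender@example.invalid>\n'
    'Subject: 2000 brochure\n'
    'MIME-Version: 1.0\n'
    'Content-Type: multipart/mixed; boundary="b1"\n\n'
    '--b1\n'
    'Content-Type: text/plain; charset=ISO-8859-1\n\n'
    'I send you this file in order to have your advice\n'
    '--b1\n'
    'Content-Type: application/mixed; name="2000 brochure.doc.pif"\n'
    'Content-Transfer-Encoding: base64\n'
    'Content-Disposition: attachment;  filename="2000 brochure.doc.pif"\n\n'
    'TVpQAAIAAAAEAA8A//8AALgAAAAAAAAA\n'
    '--b1--\n'
)

if __name__ == "__main__":
    for name, findings in scan_message(SAMPLE).items():
        print(name, findings)
```
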




