|
PureBytes Links
Trading Reference Links
|
Yes, I got one of these this morning. But the attachment was named
MyMoneym.exe.
So obviously this can vary. This was what the header looked like:
Return-Path: <Sigstroker@xxxxxxxxxxx>
From: Sigstroker@xxxxxxxxxxx
Subject: Re: looking for retail day traders
Date: Fri, 19 Sep 2003 11:48:14 -0400
The From address could have come from just about anybody's address book.
For what it's worth, here's the text contained in the file:
This program cannot be run in DOS mod
oWcPm}|A9n&a
o|~xl4
aXOONB
KERNEL32.DLL
ADVAPI32.dll
MPR.dll
MSVCRT.dll
USER32.dll
WSOCK32.dll
LoadLibraryA
GetProcAddress
ExitProcess
RegCloseKey
WNetOpenEnumA
SetTimer
David
>Date: Fri, 19 Sep 2003 11:50:13 -0700
>From: List Maintainer <jimo@xxxxxxxxxx>
>To: omega-list@xxxxxxxxxx
>Subject: yet another virus alert
>
>I'm ordinarily skeptical of virus alerts and such, but this one
>seems possibly relevant to this list's membership. I don't track
>all the usual Microsoft warning sites, so forgive me if this is
>old news; these things just started arriving here this morning.
>
>The list's traps have caught several mails, all about 90K in size,
>with forged From: headers pretending to be from regular list
>contributors. The payload in all of them has been an attachment
>with name: "My Money.mny.exe"
>and Content-type: application/x-msdownload
>
>What makes these different is that the email body contains a
>six-line-or-so fragment of what sounds like a real email, probably
>borrowed from the email folders of the virus' host. The text is
>definitely trading related, and my conclusion is that these were
>sent by people receiving this list's traffic. In this particular
>case the sender(s) were all using adelphia.net accounts, fwiw.
>
>Rest assured that none of these things will ever be sent through this
>list. And don't open any attachments with the above characteristics
>on a Microsoft computer.
>
>Jim
>
>
|