
Re: yet another virus alert



Yes, I got one of these this morning. But the attachment was named
MyMoneym.exe.
So obviously this can vary. This was what the header looked like:

Return-Path: <Sigstroker@xxxxxxxxxxx>
From:  Sigstroker@xxxxxxxxxxx
Subject:  Re: looking for retail day traders
Date: Fri, 19 Sep 2003 11:48:14 -0400

The From address could have come from just about anybody's address book.

For what it's worth, here's the text contained in the file:

This program cannot be run in DOS mod
oWcPm}|A9n&a                         
o|~xl4                               
aXOONB                               
KERNEL32.DLL                         
ADVAPI32.dll                         
MPR.dll                              
MSVCRT.dll                           
USER32.dll                           
WSOCK32.dll                          
LoadLibraryA                         
GetProcAddress                       
ExitProcess                          
RegCloseKey                          
WNetOpenEnumA                        
SetTimer                             


David



>Date: Fri, 19 Sep 2003 11:50:13 -0700
>From: List Maintainer <jimo@xxxxxxxxxx>
>To: omega-list@xxxxxxxxxx
>Subject: yet another virus alert

>
>I'm ordinarily skeptical of virus alerts and such, but this one
>seems possibly relevant to this list's membership.  I don't track
>all the usual Microsoft warning sites, so forgive me if this is
>old news; these things just started arriving here this morning.
>
>The list's traps have caught several mails, all about 90K in size,
>with forged From: headers pretending to be from regular list 
>contributors.  The payload in all of them has been an attachment
>with name: "My Money.mny.exe"
>and Content-type: application/x-msdownload
>
>What makes these different is that the email body contains a
>six-line-or-so fragment of what sounds like a real email, probably
>borrowed from the email folders of the virus' host.  The text is
>definitely trading related, and my conclusion is that these were
>sent by people receiving this list's traffic.  In this particular
>case the sender(s) were all using adelphia.net accounts, fwiw.
>
>Rest assured that none of these things will ever be sent through this
>list.  And don't open any attachments with the above characteristics
>on a Microsoft computer.
>
>Jim
>
>
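
Added example, not part of either original message: a mail-trap check for the attachment traits described above (an executable extension, a document-like inner extension in front of it, and Content-type application/x-msdownload), written so that a renamed copy such as MyMoneym.exe is still caught by its extension. The extension set, reason codes, addresses, payload bytes and the content types of the second and third samples are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: a small illustrative set, not a complete blocklist.
EXEC_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}
EXEC_TYPES = {"application/x-msdownload"}

def attachment_findings(raw: bytes):
    """Return [(filename, [reason codes])] for attachments worth quarantining."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body text and multipart containers carry no filename
        # Windows ignores trailing dots and spaces, so strip them before splitting.
        pieces = name.strip().rstrip(". ").lower().split(".")
        reasons = []
        if len(pieces) >= 2 and pieces[-1] in EXEC_EXTS:
            reasons.append("exec-ext")
            # "name.mny.exe": a short inner extension makes the file look like a document.
            if len(pieces) >= 3 and 1 <= len(pieces[-2]) <= 4 and pieces[-2].isalnum():
                reasons.append("double-ext")
        if part.get_content_type() in EXEC_TYPES:
            reasons.append("exec-ctype")
        if reasons:
            findings.append((name, reasons))
    return findings

def build_sample(filename: str, ctype: str) -> bytes:
    """Constructed test message; addresses and payload bytes are placeholders."""
    m = EmailMessage()
    m["From"] = "contributor@example.invalid"
    m["To"] = "list@example.invalid"
    m["Subject"] = "Re: looking for retail day traders"
    m.set_content("constructed body fragment\n")
    maintype, subtype = ctype.split("/", 1)
    m.add_attachment(b"placeholder", maintype=maintype, subtype=subtype, filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for fn, ct in [("My Money.mny.exe", "application/x-msdownload"),
                   ("MyMoneym.exe", "application/octet-stream"),
                   ("report.pdf", "application/pdf")]:
        print(fn, attachment_findings(build_sample(fn, ct)))
```

The From: header plays no part in the decision, since both messages note it is forged or lifted from an address book.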