Outlook virus again.

From: Kayne Ian (Softlab) (Ian.Kayne@softlab.co.uk)
Date: 09/19/01


Message-ID: <CDD7435C5120D511870B00805F6FED1D91F8BB@birexm01.uk.softlab.net>
From: "Kayne Ian (Softlab)" <Ian.Kayne@softlab.co.uk>
To: Vuln-Dev <VULN-DEV@SECURITYFOCUS.COM>
Subject: Outlook virus again.
Date: Wed, 19 Sep 2001 08:31:25 +0100



> Hey all,
> I'm having fun with Outlook recently, I'm beginning to wonder if
> there's something funny on my system that needs a rebuild. Anyway,
> attached is an email I received. Very obviously a virus, be careful with
> it. It does some strange behaviour:
>
> - Opening the message brings up prompts that insinuate the (er?!?) email
> is trying to download something from the net
> - Without opening the email, and doing file-save in Outlook causes some
> corruption of Outlook GUI & bad filenames.
>
> It's also got part of a reg key in the subject.
>
> I hexed it, it's got an exe attached to it, and does look a bit weird. The
> exe doesn't show up as an attachment, but it's there inside the mail.
>
> What worries me more is this one skipped by the mailscanner it came
> through, the normal viruschecker when saved to hd, and the problem
> happened on both my and a user's machine (mine with all the up to date
> patches).
>
> Just looking for someone to say "Yes it's the old one that came out last
> year", or confirm it's something new... Either way I'll know where I
> stand.
>
Note: BlueBoar asked me to add a password to the attached zip file, the
password is "outl0ok", that's all lower case, zero for the second o.

As stolen from someone else: "Outlook not so good" - that Magic 8 Ball knows
everything, I'll ask it about Exchange server next...

> Cheers!
>
> Ian Kayne
> Technical Specialist - IT Solutions
> Softlab Ltd - A BMW Company
>
>
> <<Nasty.zip>>
>
>