Re: Has Sven mutated?
From: Bill Sanderson (Bill_Sanderson_at_msn.com.plugh.org)
Date: 09/22/03
- Next message: Bill Sanderson: "Re: unable to run regedit"
- Previous message: Bill Sanderson: "Re: Some post's don't show up on board???"
- In reply to: charles kuchar: "Has Sven mutated?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 22 Sep 2003 17:47:48 -0400
This looks like standard Swen.
It has a very long list of variations, and uses random names for the
executable.
"charles kuchar" <charlie@delasallecenter.org> wrote in message
news:OWWhkbUgDHA.696@TK2MSFTNGP09.phx.gbl...
> Installed the latest McAfee from late Thursday. Picked up Sven right
away.
> Probably had several hundred emails come in to me as the system engineer.
> Now i just got one of the Microsoft Security Patches that it didn't see a
> virus in but it does have an attachment that was blocked by Outlook.
Hmmmm.
> Just in case anyone is interested i have included the header information.
> charlie
>
> Microsoft Mail Internet Headers Version 2.0
> Received: from rwcrmhc12.comcast.net ([216.148.227.85]) by
> Delaserver3.delasalle.k12.mo.us with Microsoft SMTPSVC(5.0.2195.5329);
> Mon, 22 Sep 2003 14:55:55 -0500
> Date: Mon, 22 Sep 2003 19:54:06 +0000 (GMT)
> X-Comment: Sending client does not conform to RFC822 minimum requirements
> X-Comment: Date has been added by Maillennium
> Received: from yulr (12-207-138-36.client.attbi.com[12.207.138.36])
> by comcast.net (rwcrmhc12) with SMTP
> id <2003092219540501400l2df1e>; Mon, 22 Sep 2003 19:54:05 +0000
> FROM: "Internet Security Department" <ksczvjky_tkeynusu@confidence.com>
> TO: "Partner" <vnfgsix_qvpziser@confidence.com>
> SUBJECT: Last Microsoft Critical Upgrade
> Mime-Version: 1.0
> Content-Type: multipart/mixed; boundary="fionmzatohum"
> Return-Path: mary.christopher@comcast.net
> Message-ID: <DELASERVER3foV1qdii00000057@Delaserver3.delasalle.k12.mo.us>
> X-OriginalArrivalTime: 22 Sep 2003 19:55:55.0151 (UTC)
> FILETIME=[88A061F0:01C38143]
>
> --fionmzatohum
> Content-Type: multipart/related; boundary="dzxhbdji";
> type="multipart/alternative"
>
> --dzxhbdji
> Content-Type: multipart/alternative; boundary="mssmzedkfjii"
>
> --mssmzedkfjii
> Content-Type: text/plain
> Content-Transfer-Encoding: quoted-printable
>
> --mssmzedkfjii
> Content-Type: text/html
> Content-Transfer-Encoding: quoted-printable
>
>
>
>
- Next message: Bill Sanderson: "Re: unable to run regedit"
- Previous message: Bill Sanderson: "Re: Some post's don't show up on board???"
- In reply to: charles kuchar: "Has Sven mutated?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
