[Dshield] virus?

Coxe, John B. JOHN.B.COXE at saic.com
Tue Aug 28 00:21:58 GMT 2001

This is the SIRCAM trojan -- highly common for a month now.  The subject is
the attachment name stripped of the final attachment extension (up to the
last dot).

You obviously have a dozen friends/associates who don't run email filters or
desktop (at a minimum) antivirus shields with current definitions.  Of
course, there are lots of people in those camps as this has been sustaining
as the most prevalent worm in the wild for some time now.  AV shields are
only good if people keep updating their definitions.


-----Original Message-----
From: Toby Miller [mailto:tmiller at va.prestige.net]
Sent: Monday, August 27, 2001 3:28 PM
To: Snort-users (E-mail); dshield at dshield.org
Subject: [Dshield] virus?

Sorry for the cross listing but.....
Has anyone recieved a e-mail that changes the subject, but keeps the same

Hi! How are you?

I send you this file in order to have your advice

See you later. Thanks

The file is newbiehack1_0.zip.zlg. I have recieved at least a dozen of these
e-mails in the past couple of days. BTW, the title of the file changes as


Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:

More information about the list mailing list