[Dshield] Possible virus

Neil Richardson neilr at ieee.org
Thu Jun 20 17:51:23 GMT 2002


At 08:40 AM 6/20/2002, you wrote:
>Errhhh, who's sending vcf's
>
>This was caught by John's Sanitizer just now.............
>
>REPORT: Trapped poisoned executable "MercyMail at mindspring.com.vcf"
>REPORT: Not a document, or already poisoned by filename. Not scanned for
>macros.
>STATUS: Message quarantined in /var/spool/mail/quarantine, not delivered to
>recipient.
>
>Headers from message:
>
> > From list-admin at dshield.org  Thu Jun 20 17:35:55 2002
> > Return-Path: <list-admin at dshield.org>


    The original message was from Mercymail at mindspring.com, with the 
subject line of "[Dshield] Questions from list newbie".

    My Norton A/V (2002, definitions current as of this moment) doesn't 
report the file as infected, and it contains the following plaintext:

---------- Begin Cut 'n Paste ----------
BEGIN:VCARD
VERSION:2.1
N:;MercyMail at mindspring.com
FN:MercyMail at mindspring.com
EMAIL;PREF;INTERNET:MercyMail at mindspring.com
REV:20020620T070809Z
END:VCARD
---------- End Cut 'n Paste ----------

    My guess is that the file/message is not actually infected, but that 
your A/V program got nervous (which isn't a bad idea) when it saw the 
.com.xyz double-extension.


-Neil R.


-- 
Supreme Lord High Commander and Keeper of the Holy Potato
----------
Random thought for the day:

    WindowError:01D Unable to figure out our own code.





More information about the list mailing list