[Dshield] Possible Virus......??

Ed Truitt ed.truitt at etee2k.net
Mon Mar 18 16:13:18 GMT 2002

I hit that site from a Lynx browser, and it looks like it is Chinese
characters.  I confirmed this is most likely the case (a WHOIS lookup shows
the registrant as being in Taiwan.)

I didn't see any indication of an actual download, so my guess is that your
browser was trying to d/l the fonts required.

BTW, I have gotten quite a few HTML emails which look like "binary" code
recently.  I am going to start looking at them outside of OE (in Netscape or
one of the semi-graphical Linux email clients) to see if I can find out just
exactly what they are about.  I am ready to institute a rule, however, that
BINARY email gets deleted automatically.  When it comes to email, I want to
see the Source!

Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9

"Note to spammers:  my 'delete' key is connected to YOUR ISP.
 Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."

----- Original Message -----
From: "James Jarvis" <james.jarvis at quest-media.com>
To: <list at dshield.org>
Sent: Monday, March 18, 2002 9:07 AM
Subject: RE: [Dshield] Possible Virus......??

> Hi,
> I just asked the person that had it and they deleted it so I can't get
> of the source again. I had a look earlier, and it was code sending you to
> website. If you goto http://www.callin.net it will commence the download
> something. If anyone has a machine that they use to test stuff on and is
> going to affect a network atc. just go there and see what happens!

More information about the list mailing list