[Dshield] RE: new email threat?

ALEPH0 aleph0 at pacbell.net
Fri Aug 1 17:59:05 GMT 2003


It has its own mailer and sends from admin at domain where domain is the exact
same one as the recipient address, to make it look like serious local
business.  It's all over the place, particularly *.gov and *.mil.  The
attachment is message.zip, including foo.exe.

> -----Original Message-----
> From: list-bounces at dshield.org [mailto:list-bounces at dshield.org]On
> Behalf Of Hill, Keith
> Sent: Friday, August 01, 2003 10:10 AM
> To: 'list at dshield.org'
> Subject: [Dshield] RE: new email threat?
>
>
> Trend is reporting this as:
> WORM_MIMAIL.A
> and Symantec has also just posted information someone told me.  It looks
> like current definitions are not catching this at all so beware!
>
> >  -----Original Message-----
> > From: 	Hill, Keith
> > Sent:	Friday, August 01, 2003 1:06 PM
> > To:	'list at dshield.org'
> > Subject:	new email threat?
> >
> > I'm being bombarded with emails with the following message:
> >
> > Subject: your account maemddxd
> > Importance: High
> >
> > Hello there,
> >
> > I would like to inform you about important information regarding your
> > email address. This email address will be expiring.
> > Please read attachment for details.
> > ---
> > Best regards, Administrator
> > maemddxd
> >
> > There is an attachment, a zip with an html script embedded in it.  I don't
> > want to send it as it may be malware.  When run it creates a blank web
> > page but the code is 16 KB and contains compiled code and several
> > references that use either "moo ha ha" or "foo.exe" in the script.  Has
> > anyone else seen this?
> >
> > Keith
> >
> > Keith Hill
> > kjhill at cox.net
> > (703) 599-8133
> >
> >
>




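The traits reported in this thread (a sender of admin@ the recipient's own domain, a subject beginning "your account", an attachment named message.zip) written as a mail-filter check. This is an added example, not part of the original posts; the function names, the example.gov/example.org addresses and the sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr


def mimail_indicators(raw):
    """Return which of the thread's reported traits a raw RFC 822 message matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []

    # Trait 1: From is admin@<domain>, and <domain> is also a recipient's domain.
    _, sender = parseaddr(str(msg.get("From", "")))
    local, _, sender_domain = sender.lower().rpartition("@")
    recipients = getaddresses(
        [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])])
    rcpt_domains = {a.lower().rpartition("@")[2] for _, a in recipients if "@" in a}
    if local == "admin" and sender_domain in rcpt_domains:
        hits.append("sender is admin@ the recipient's own domain")

    # Trait 2: subject of the form "your account <string>".
    if str(msg.get("Subject", "")).lower().startswith("your account "):
        hits.append("subject starts with 'your account '")

    # Trait 3: an attachment named message.zip (file name only; contents not opened).
    if any((p.get_filename() or "").lower() == "message.zip" for p in msg.walk()):
        hits.append("attachment named message.zip")
    return hits


def build_sample(sender, rcpt, subject, attach_name=None):
    """Build a constructed test message; the attachment is an empty ZIP archive."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, rcpt, subject
    m.set_content("Please read attachment for details.")
    if attach_name:
        empty_zip = b"PK\x05\x06" + b"\x00" * 18  # end-of-central-directory only
        m.add_attachment(empty_zip, maintype="application",
                         subtype="zip", filename=attach_name)
    return m.as_bytes()


if __name__ == "__main__":
    suspect = build_sample("admin@example.gov", "user@example.gov",
                           "your account maemddxd", "message.zip")
    for hit in mimail_indicators(suspect):
        print("match:", hit)
```

Any single trait is common in legitimate mail, so a filter built on this would act only when several match together.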