[Dshield] Mail Header from Virus

Kenneth Coney superc at visuallink.com
Thu Sep 25 17:43:53 GMT 2003

Once again I notice there are different variants of varying length.  143K 
is the most common size of Swen I see, but I see some that are 140K and a 
few that are 155K.  A few somehow come in mangled with only 1K - 3K size 
left.  Most of the first day's ones I saw came in as supposedly returned 
mails with .tw as the place of origin.  Fraudulent or not, I found that 
interesting.  General rule to follow, if you don't personally know the 
sender, don't open the mail, especially if it has a 143K attachment.  :)

Subject: Re: [Dshield] Mail Header from Virus
From: Joe MacDonald <joe at deserted.net>
Date: Thu, 25 Sep 2003 10:03:47 -0400
To: General DShield Discussion List <list at dshield.org>

For anyone who is interested, there has been a veritable deluge of these
finding their way into my inbox over the last two weeks, all from
different sources, most with slightly different text in the bodies, but
all containing the same ~140k executable (the executable, of course,
always has a different mime-type and a different name).

Here are the headers from the two most recent of these messages.


More information about the list mailing list