[unisog] New virus worm [gibberish mail with attached gif]??
honeycutt at unca.edu
Thu Mar 23 15:38:40 GMT 2006
I've seen similar messages. As far as I can tell, it is just a new
form of spam. The gibberish in the body of the email seems designed
to make people curious. Likewise, the attachments I've seen generally have
names like "Ooops" and "Sorry" which I also assume is to make people
open the attachment.
Does anyone have any additional information?
From: unisog-bounces at lists.sans.org [mailto:unisog-bounces at lists.sans.org]
On Behalf Of Reg Quinton
Sent: Thursday, March 23, 2006 9:47 AM
To: unisog at lists.sans.org
Subject: [unisog] New virus worm [gibberish mail with attached gif]??
I wonder if anyone knows what's going on. We've seen a number of systems
start spewing e-mail (most on resnet). When this happens they're quickly
isolated. I've seen some of the mail they were spewing (AOL kindly bounces
it back as spam) and have received the same mail from other sites around the
world (I assume therefore a massing mailing worm of some sort and not a
The mail is multipart mime, seems to have been generated by Microsoft
Outlook Express, with a forged Received header (for the same network),
forged From: (off site address), random gibberish Subject and content using
real English words (in both plain text and html) and an attached .gif with
I assume the gif is malicious -- else why would they send it and why am I
seeing machines spewing mail?
The mail is getting past our ClamAV mail checker (it's getting to my
mailbox) and Norton/Symantec AV on the workstation so it doesn't *look*
malicious... my guess is it must be.
Anyone seen this or something similar?
I am, Reg Quinton <reggers at ist.uwaterloo.ca>
Senior Technologist, Security
Information Systems and Technology
University of Waterloo, 200 University Ave W
Waterloo, Ontario N2L 3G1 Canada
+1 519 888-4567x6070
unisog mailing list
unisog at lists.sans.org
More information about the unisog