[Gllug] New worm doing the rounds?

Mon Feb 9 17:09:51 UTC 2004

Thus spaketh Richard Jones on Monday 09 February 2004 2:24 pm:
> Attachments containing:
> Content-id: <000000000000000>
> Content-type: audio/x-wav; name=__warn.txt
> Content-transfer-encoding: base64
> Content-disposition: attachment; filename=__warn.txt
> (followed by a few lines of base64 encoded data and about 17,000
> blank lines).
> Is this a new worm?  It seems different in size from previous Windoze
> crap.

How many is a few? I'm not sure a virus can pack itself into so small a space. 
Perhaps when unencoded, it reveals a link to a virus instead? Or perhaps 
whatever generated the email fscked it up copying 17,000 lines of /dev/null.

> <rant mode="angry">
> Don't you think these "anti-virus" vendors could stop sending me emails
> like this:
>  "We have detected [Windoze worm which is well-known to fake the From:
>   header] in an email you sent to [email address I have never heard of]"
> It really is just plain stupid.  If you know what the worm is, then
> you know it fakes the From header, so don't send a bounce.

It is a sport. 10 points for every AOLer who replies "But my machine is 
clean", 30 points if a WebTVer manages to send an email of any description 
whatsoever, 1 point each otherwise  :-)
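
A defensive triage of the attachment described in the quoted message, added here as an example and not part of the original thread: it flags a declared Content-type that disagrees with the filename extension, counts blank-line padding, and reports the decoded payload size without writing or running anything. The sample message, the function name `triage` and the padding threshold are assumptions; the base64 body is a constructed harmless placeholder.

```python
import base64
import mimetypes
from email import message_from_string

# Constructed sample: the headers quoted in the thread, a harmless placeholder
# payload, and 17,000 blank lines of padding before the closing boundary.
PAYLOAD = base64.b64encode(b"harmless placeholder").decode()
SAMPLE = (
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="BOUND"\n'
    "\n"
    "--BOUND\n"
    "Content-id: <000000000000000>\n"
    "Content-type: audio/x-wav; name=__warn.txt\n"
    "Content-transfer-encoding: base64\n"
    "Content-disposition: attachment; filename=__warn.txt\n"
    "\n"
    + PAYLOAD + "\n"
    + "\n" * 17000
    + "--BOUND--\n"
)

def triage(raw_message, blank_threshold=100):
    """Return one finding per attachment (hypothetical helper, threshold assumed)."""
    findings = []
    for part in message_from_string(raw_message).walk():
        name = part.get_filename()
        if not name:                      # containers and inline text have no filename
            continue
        guessed = mimetypes.guess_type(name)[0]   # type implied by the extension
        body = part.get_payload()                 # still transfer-encoded text
        blank = sum(1 for line in body.split("\n") if not line.strip())
        decoded = part.get_payload(decode=True) or b""
        findings.append({
            "filename": name,
            "declared": part.get_content_type(),
            "guessed": guessed,
            # Mismatch: extension says one main type, header claims another.
            "type_mismatch": guessed is not None
                and guessed.split("/")[0] != part.get_content_maintype(),
            "decoded_bytes": len(decoded),        # answers "how many is a few?"
            "blank_lines": blank,
            "padded": blank >= blank_threshold,
        })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```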
