LUGOD: Linux Users' Group of Davis
 
Page last updated:
2004 Mar 03 10:49

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

[vox-tech] Viruses



On Wednesday 03 March 2004 10:06 am, Robert G. Scofield wrote:
> On Wednesday 03 March 2004 09:43, Peter Jay Salzman wrote:
> >
> > ps- is there a new virus?  all of a sudden, starting from last night
> > i've gotten a huge ton of emails that say things like:
> >
> >    Arggghh, I hate plaintext!
> >
> >    Here is your excel file.
> >
> >    I don't bite, weah!
> >
> >    Your file is attached.
> >
> > i normally don't see viruses because i filter based on executable
> > strings in every win32 executable.  but these viruses seem to be
> > carrying .zip and .pif payloads which are getting past my filter.
> 
> I just got a message from "lugod@livepenguin.com" with an apparent zip file 
> attached.  Here's what it says:
> 
> "Looking  forward for  a response :P
>  
> password: 17468
> AttachedFile.zip"
> 
> Does anyone know what this is all about?

"From" headers in virus emails are almost always forged.
If you think it really came from the list, send me all the
headers from the message (do not include the payload or
your message will most likely be rejected).

I've noticed a whole bunch of unique zip files in these
messages recently.  For anyone interested, here is my
current list of Postfix body checks, which is growing daily:

/^TV[nopqr]....[AB]..A.A....*AAAA...*AAAA/ REJECT Microsoft executable attachments are not allowed here.
/^M35[GHIJK].`..`..*````/                  REJECT Microsoft executable attachments are not allowed here.
/^UEsDBAoAAAAAA.....DKJx\+eAFgAAABYAA/ REJECT Attached zip file is a virus (1).
/^UEsDBAoAAAAAA.....CwFOBrAlgAAAJYAA/  REJECT Attached zip file is a virus (2).
/^UEsDBAoAAAAAA.....BdbrAiAFYAAABWAA/  REJECT Attached zip file is a virus (3).
/^UEsDBAoAAAAAA.....BkjKgF7YcAAO2HAA/  REJECT Attached zip file is a virus (4).
/^UEsDBAoAAAAAA.....D72n6\/7YcAAO2HAA/ REJECT Attached zip file is a virus (5).
/^UEsDBAoAAAAAA.....CqcvrHAVYAAAFWAA/  REJECT Attached zip file is a virus (6).
/^UEsDBAoAAAAAA.....BMC61l7YcAAO2HAA/  REJECT Attached zip file is a virus (7).
/^UEsDBAoAAAAAA.....BKH8ydAD4AAAA\+AA/ REJECT Attached zip file is a virus (8).
/^UEsDBAoAAAAAA.....BiZMYWCWMAAAljAA/  REJECT Attached zip file is a virus (9).
/^UEsDBAoAAQAAA.....B7DBL7KlIAAB5SAA/  REJECT Attached zip file is a virus (10).
/^UEsDBAoAAAAAA.....DcIq\+BCIcAAAiHAA/ REJECT Attached zip file is a virus (11).
/^UEsDBAoAAAAAA.....BXRG0y8ocAAPKHAA/  REJECT Attached zip file is a virus (12).
/^UEsDBAoAAAAAA.....CBoWs\/7YcAAO2HAA/ REJECT Attached zip file is a virus (13).
/^UEsDBAoAAQAAA.....BVpTuMtFAAAKhQAA/  REJECT Attached zip file is a virus (14).
/^UEsDBAoAAAAAA.....B78bObV0IAAFdCAA/  REJECT Attached zip file is a virus (15).
/^UEsDBAoAAAAAA.....AedXfJCIcAAAiHAA/  REJECT Attached zip file is a virus (16).
/^UEsDBAoAAQAAA.....CRGduw\/VQAAPFUAA/ REJECT Attached zip file is a virus (17).
/^UEsDBAoAAAAAA.....DpTnai4UYAAOFGAA/  REJECT Attached zip file is a virus (18).

-- Rod
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
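
Added example (not part of the original post and not the poster's code): the zip checks above match the base64 form of a ZIP local file header, fixing the signature, version, flags and compression method, skipping the timestamp with five wildcards, and pinning the CRC-32 and sizes. The Python sketch below uses hypothetical helper names and a constructed, harmless payload to build a pattern of that shape and show that it survives a timestamp change but not a one-byte content change.

```python
import base64
import re
import struct

from zlib import crc32

def local_header(payload, dos_time=0x5000, dos_date=0x3063, flags=0):
    """ZIP local file header: stored (method 0), version-needed 10."""
    name = b"sample.bin"  # constructed member name
    return struct.pack("<4sHHHHHIIIHH", b"PK\x03\x04", 10, flags, 0,
                       dos_time, dos_date, crc32(payload),
                       len(payload), len(payload), len(name), 0) + name

def first_b64_line(zip_bytes):
    """First 76-character base64 line of the attachment, as a body check sees it."""
    return base64.b64encode(zip_bytes)[:76].decode()

def body_check_pattern(line):
    """Same shape as the zip checks above: 13 fixed chars, 5 wild, 16 fixed."""
    esc = lambda s: s.replace("+", r"\+").replace("/", r"\/")
    return "^" + esc(line[:13]) + "....." + esc(line[18:34])

def matches(pattern, line):
    return re.search(pattern, line) is not None

def decode_fields(line):
    """Header fields recoverable from the first 36 base64 chars (27 bytes)."""
    raw = base64.b64decode(line[:36])
    _, ver, flags, method, _, _, crc, csize, usize = struct.unpack("<4sHHHHHIII", raw[:26])
    return {"version": ver, "encrypted": bool(flags & 1), "method": method,
            "crc32": crc, "compressed": csize, "uncompressed": usize}

PAYLOAD = b"constructed sample payload\n" * 64  # harmless stand-in, not a real sample
ORIGINAL = first_b64_line(local_header(PAYLOAD) + PAYLOAD)
# Same content zipped at another time of day, one day later: only wildcard chars move.
RETIMED = first_b64_line(local_header(PAYLOAD, 0x5A21, 0x3064) + PAYLOAD)
# One extra byte of content changes the CRC-32 and both sizes in the fixed tail.
ALTERED = first_b64_line(local_header(PAYLOAD + b"!") + PAYLOAD + b"!")
# Flag bit 0 set marks an encrypted (password-protected) member.
ENCRYPTED = first_b64_line(local_header(PAYLOAD, flags=1) + PAYLOAD)
PATTERN = body_check_pattern(ORIGINAL)

if __name__ == "__main__":
    print("/" + PATTERN + "/ REJECT constructed example")
    print(decode_fields(ORIGINAL))
    print("retimed copy matches:", matches(PATTERN, RETIMED))
    print("altered copy matches:", matches(PATTERN, ALTERED))
    print("encrypted prefix:", ENCRYPTED[:13])
```

Because each pattern pins one CRC-32 and size, every repacked variant needs its own line, which is why such a list keeps growing. Checks (10), (14) and (17) above begin with `UEsDBAoAAQ`, the prefix produced when the encryption flag is set, which fits the password-bearing message quoted earlier in the thread.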


