[Mimedefang] Password encrypted zip virus.
Michael Sofka
sofkam at rpi.edu
Thu Dec 4 10:30:45 EST 2003
Just a few moments ago I said:
> P.P.S. Speaking of those error codes, this morning our logs showed 27
> rejections of wendy.zip (the name of the Mimail-L attachment) which were
> encrypted!
And, just moments later the Mimail-M patch came through. Password
encrypted wendy.zip is a variant of Mimail-L.
Now, for the really interesting part. According to:
http://www.sophos.com/virusinfo/analyses/w32mimailm.html
Mimail-M has two variants. The first is a simple variation,
new attachment name, new targets. The second, password
encrypted, form:
The second email format, which appears to have been
manually mass-mailed out, has the following characteristics:
That is, the initial spread was via spam. Which fits the pattern
on our server. All of the password encrypted versions were sent
before midnight (US EST) yesterday, and then stopped long before
the Mimail-M patch arrived.
Mike
--
Michael D. Sofka sofkam at rpi.edu
C&CT Sr. Systems Programmer Email, TeX, epistemology.
Rensselaer Polytechnic Institute, Troy, NY. http://www.rpi.edu/~sofkam/