OT-Re: Question on email virus in Outlook Express

Marvin Bellamy Marvin.Bellamy at innovision.com
Mon Apr 1 15:19:38 CST 2002


This is a little off-topic, but somewhat related to this issue.  Has 
anyone noticed that some files played with Windows media player can 
cause web pages to open?  Can other applications be called from the 
media player?  Maybe I'm seeing a correlation between isolated events, 
but if what I think is happening is correct, this is an insane 
security/privacy issue.

Brian Densmore wrote:

>Also the from domain doesn't appear to exist. Probably a spoofed
>address.
>I couldn't resolve a name in the address space. The mail came from an
>unnamed mail server; not sure how that is possible. Also this doesn't
>look like an html e-mail. It looks like a M$ virus file. Note the
>multipart/alternative format. Very common attack method. Although it
>could be some binary file like realplayer or something (still, I doubt
>it).
>
>Brian
>
>>-----Original Message-----
>>From: hanasaki [mailto:hanasaki at hanaden.com]
>>Sent: Sunday, March 31, 2002 8:29 AM
>>To: KCLUG (E-mail)
>>Subject: Question on email virus in Outlook Express
>>
>>
>>The below showed up in my email logs the other day.  Could someone 
>>please help?  Is this a known virus?  What is it?
>>
>>==========================================
>>2002-03-29 01:51:15 16qrAG-0001bN-00 rejected from (hawk.chinabyte.com) [211.167.73.209]: there is no valid sender in any header line (envelope sender is <nobody2 at chinabyte.com>)
>>Recipients: hanasaki at hanaden.com
>>P Received: from [211.167.73.209] (helo=hawk.chinabyte.com)
>>         by portal with smtp (Exim 3.33 #3 (Debian))
>>         id 16qrAG-0001bN-00
>>         for <hanasaki at hanaden.com>; Fri, 29 Mar 2002 01:51:12 -0600
>>P Received: (qmail 3867 invoked from network); 29 Mar 2002 05:48:51 -0000
>>P Received: from unknown (HELO ??????) (211.158.14.81)
>>   by 0 with SMTP; 29 Mar 2002 05:48:51 -0000
>>R Reply-To: "<C3><B4><C3><B4><C3><DB>"<<C3><B4><C3><B4><C3><DB>>
>>F From: "<C3><B4><C3><B4><C3><DB>"<<C3><B4><C3><B4><C3><DB>>
>>T To: han at 263.net
>>   Subject: <B6><D4>263<C3><E2><B7><D1><D3><CA><BC><FE><B2><BB><D4><D9><D3><D0><B5><C4><B9><D8><D7><A2><A3><AC><CF><EB><D4><F5><C3><B4><D7><F6><BE><CD><D4><F5><C3><B4><D7><F6><A3><A1>
>>   Date: Fri,29 Mar 2002 13:35:57 +0800
>>* Return-Path: "<C3><B4><C3><B4><C3><DB>"<<C3><B4><C3><B4><C3><DB>>
>>   X-Mailer: Microsoft Outlook Express
>>   Content-Type: multipart/related;
>>         boundary="----=_NextPart_000_0011_01C1D2D6.5DEEF420";
>>         type="multipart/alternative"
>>   X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
>>I Message-Id: <E16qrAG-0001bN-00 at portal>
>>
>>-- 
>>= hanasaki at hanaden.com                                          =
>>=     Spam : Unhealthy and High in Sodium and Cholesterol       =
>>
>>
>>
>>majordomo at kclug.org
>>
>
>
>
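
An added example, not part of any message in this thread: it reads the reject-log entry quoted above, reports the condition Exim names as the reject reason (no address in the sender headers) plus the relay hop that did not give a hostname in HELO, and turns the `<XX>` byte escapes back into text. The function names are hypothetical, the GB2312 charset is an assumption, and the sample is the quoted entry with line wraps rejoined and some headers left out.

```python
import re

# Constructed sample: the reject-log entry quoted in this thread, with the ">>"
# quote marks removed, mail-client line wraps rejoined and some headers left out.
# " at " is the list archive's address obfuscation and is kept as it appears.
ENTRY = """\
2002-03-29 01:51:15 16qrAG-0001bN-00 rejected from (hawk.chinabyte.com) [211.167.73.209]: there is no valid sender in any header line (envelope sender is <nobody2 at chinabyte.com>)
P Received: from [211.167.73.209] (helo=hawk.chinabyte.com)
         by portal with smtp (Exim 3.33 #3 (Debian))
P Received: (qmail 3867 invoked from network); 29 Mar 2002 05:48:51 -0000
P Received: from unknown (HELO ??????) (211.158.14.81)
   by 0 with SMTP; 29 Mar 2002 05:48:51 -0000
F From: "<C3><B4><C3><B4><C3><DB>"<<C3><B4><C3><B4><C3><DB>>
T To: han at 263.net
   Subject: <B6><D4>263<C3><E2><B7><D1><D3><CA><BC><FE><B2><BB><D4><D9><D3><D0><B5><C4><B9><D8><D7><A2><A3><AC><CF><EB><D4><F5><C3><B4><D7><F6><BE><CD><D4><F5><C3><B4><D7><F6><A3><A1>
"""

HOSTNAME = re.compile(r"^(?=.{1,253}$)[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")
ADDR = re.compile(r"[\w.+-]+(?:@| at )[\w-]+(?:\.[\w-]+)+")

def headers(entry):
    """Return (name, value) pairs; lines without 'Name:' continue the previous header."""
    out = []
    for line in entry.splitlines()[1:]:          # line 0 is the reject summary
        m = re.match(r"^.\s+([A-Za-z-]+):\s*(.*)$", line)
        if m:
            out.append([m.group(1), m.group(2)])
        elif out:
            out[-1][1] += " " + line.strip()
    return [tuple(h) for h in out]

def unescape(value, charset="gb2312"):
    """Turn the log's <XX> byte escapes back into text (charset is an assumption)."""
    raw = re.sub(r"<([0-9A-F]{2})>", lambda m: chr(int(m.group(1), 16)), value)
    return raw.encode("latin-1").decode(charset, "replace")

def findings(entry):
    """List what makes the claimed origin of this message untrustworthy."""
    notes = []
    for name, value in headers(entry):
        if name == "Received":
            helo = re.search(r"(?i)helo[= ]([^)\s]+)", value)
            ip = re.search(r"\d+\.\d+\.\d+\.\d+", value)
            if helo and not HOSTNAME.match(helo.group(1)):
                notes.append(f"hop {ip.group(0) if ip else '?'} gave HELO {helo.group(1)!r}, not a hostname")
        elif name in ("From", "Reply-To", "Sender") and not ADDR.search(unescape(value)):
            notes.append(f"{name} carries no usable address: {unescape(value)}")
    return notes
```

Calling `unescape()` on the Subject value gives the readable subject line, provided the charset guess is right.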



