OT-Re: Question on email virus in Outlook Express

Brian Densmore DensmoreB at ctbsonline.com
Mon Apr 1 15:39:11 CST 2002


"It's not Windows Media Player. Windows Media Player is an integral part
of Windows. It cannot be removed without spending billions and billions of
hours and dollars. It can open other programs to make life easier for
desktop users. So we can track user preferences and help them manage
passwords and credit card numbers and such. For the user's own
protection, we hid this level of sophistication."
William F. "Sauron" Gates

> -----Original Message-----
> From: Marvin Bellamy [mailto:Marvin.Bellamy at innovision.com]
> Sent: Monday, April 01, 2002 9:27 AM
> Cc: KCLUG (E-mail)
> Subject: OT-Re: Question on email virus in Outlook Express
> 
> 
> This is a little off-topic, but somewhat related to this issue.  Has 
> anyone noticed that some files played with Windows media player can 
> cause web pages to open?  Can other applications be called from the 
> media player?  Maybe I'm seeing a correlation between isolated events,
> but if what I think is happening is correct, this is an insane
> security/privacy issue.
> 
> Brian Densmore wrote:
> 
> >Also the from domain doesn't appear to exist. Probably a spoofed
> >address.
> >I couldn't resolve a name in the address space. The mail came from an
> >unnamed mail server; not sure how that is possible. Also this doesn't
> >look like an html e-mail. It looks like a M$ virus file. Note the
> >multipart/alternative format. Very common attack method. Although it
> >could be some binary file like realplayer or something (still, I doubt
> >it).
> >
> >Brian
> >
> >>-----Original Message-----
> >>From: hanasaki [mailto:hanasaki at hanaden.com]
> >>Sent: Sunday, March 31, 2002 8:29 AM
> >>To: KCLUG (E-mail)
> >>Subject: Question on email virus in Outlook Express
> >>
> >>
> >>The below showed up in my email logs the other day.  Could someone 
> >>please help?  Is this a known virus?  What is it?
> >>
> >>==========================================
> >>2002-03-29 01:51:15 16qrAG-0001bN-00 rejected from 
> >>(hawk.chinabyte.com) 
> >>[211.167
> >>.73.209]: there is no valid sender in any header line 
> >>(envelope sender 
> >>is <nobod
> >>y2 at chinabyte.com>)
> >>Recipients: hanasaki at hanaden.com
> >>P Received: from [211.167.73.209] (helo=hawk.chinabyte.com)
> >>         by portal with smtp (Exim 3.33 #3 (Debian))
> >>         id 16qrAG-0001bN-00
> >>         for <hanasaki at hanaden.com>; Fri, 29 Mar 2002 01:51:12 -0600
> >>P Received: (qmail 3867 invoked from network); 29 Mar 2002 
> >>05:48:51 -0000
> >>P Received: from unknown (HELO ??????) (211.158.14.81)
> >>   by 0 with SMTP; 29 Mar 2002 05:48:51 -0000
> >>R Reply-To: "<C3><B4><C3><B4><C3><DB>"<<C3><B4><C3><B4><C3><DB>>
> >>F From: "<C3><B4><C3><B4><C3><DB>"<<C3><B4><C3><B4><C3><DB>>
> >>T To: han at 263.net
> >>   Subject: 
> >><B6><D4>263<C3><E2><B7><D1><D3><CA><BC><FE><B2><BB><D4><D9><D3><D0>
> >><B5><C4><B9><D8><D7><A2><A3><AC><CF><EB><D4><F5><C3><B4><D7><F
> >>6><BE><CD><D4><F5>
> >><C3><B4><D7><F6><A3><A1>
> >>   Date: Fri,29 Mar 2002 13:35:57 +0800
> >>* Return-Path: "<C3><B4><C3><B4><C3><DB>"<<C3><B4><C3><B4><C3><DB>>
> >>   X-Mailer: Microsoft Outlook Express
> >>   Content-Type: multipart/related;
> >>         boundary="----=_NextPart_000_0011_01C1D2D6.5DEEF420";
> >>         type="multipart/alternative"
> >>   X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
> >>I Message-Id: <E16qrAG-0001bN-00 at portal>
> >>
> >>-- 
> >>= hanasaki at hanaden.com                                          =
> >>=     Spam : Unhealthy and High in Sodium and Cholesterol       =
> >>
> >>
> >>
> >>majordomo at kclug.org
> >>
> >
> >
> majordomo at kclug.org
> >
> 
> 
> 
> 
> majordomo at kclug.org
> 
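
A header triage of the kind this thread does by eye, as an added example that is not part of the original posts: it parses the Received chain from the quoted Exim log and flags a HELO that is not a hostname and a To: header that differs from the address the message was delivered to. The function names and the two checks are assumptions chosen for illustration; the sample headers are transcribed from the log with Exim's flag letters removed and the archive's "at" restored to "@".

```python
import re
from email import message_from_string

# Constructed sample: Received/To headers transcribed from the quoted Exim log.
RAW = """\
Received: from [211.167.73.209] (helo=hawk.chinabyte.com)
\tby portal with smtp (Exim 3.33 #3 (Debian))
\tid 16qrAG-0001bN-00
\tfor <hanasaki@hanaden.com>; Fri, 29 Mar 2002 01:51:12 -0600
Received: (qmail 3867 invoked from network); 29 Mar 2002 05:48:51 -0000
Received: from unknown (HELO ??????) (211.158.14.81)
\tby 0 with SMTP; 29 Mar 2002 05:48:51 -0000
To: han@263.net

"""

HOSTNAME = re.compile(r"^(?=.{1,253}$)([A-Za-z0-9-]{1,63}\.)+[A-Za-z]{2,}$")
IP = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HELO = re.compile(r"\(?(?:helo|HELO)[= ]([^)\s]+)")
FOR = re.compile(r"\bfor <([^>]+)>")

def parse_hop(value):
    """Extract HELO name, peer IP and 'for' recipient from one Received value."""
    flat = " ".join(value.split())          # unfold continuation lines
    helo, ip, rcpt = HELO.search(flat), IP.search(flat), FOR.search(flat)
    return {"helo": helo and helo.group(1),
            "ip": ip and ip.group(0),
            "for": rcpt and rcpt.group(1)}

def triage(raw):
    """Return (network hops, findings); hops are newest first, as in the headers."""
    msg = message_from_string(raw)
    hops = [parse_hop(v) for v in msg.get_all("Received", [])]
    hops = [h for h in hops if h["ip"]]     # drop local hand-offs (the qmail line)
    findings = []
    for h in hops:
        if not h["helo"] or not HOSTNAME.match(h["helo"]):
            findings.append(f"hop {h['ip']}: HELO {h['helo']!r} is not a hostname")
    delivered = next((h["for"] for h in hops if h["for"]), None)
    to = msg.get("To", "")
    if delivered and delivered.lower() not in to.lower():
        findings.append(f"delivered to {delivered} but To: is {to}")
    return hops, findings

if __name__ == "__main__":
    for line in triage(RAW)[1]:
        print(line)
```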



