OT-Re: Question on email virus in Outlook Express
Gerald Combs
gerald at ethereal.com
Mon Apr 1 17:02:33 CST 2002
On Mon, 1 Apr 2002, Marvin Bellamy wrote:
> This is a little off-topic, but somewhat related to this issue. Has
> anyone noticed that some files played with Windows media player can
> cause web pages to open? Can other applications be called from the
> media player? Maybe I'm seeing a correlation between isolated events,
> but if what I think is happening is correct, this is an insane
> security/privacy issue.
You're correct. This has been discussed a bit lately on BUGTRAQ. A good
description of the problem can be found at
http://online.securityfocus.com/archive/1/263469.
> Brian Densmore wrote:
>
> >Also the from domain doesn't appear to exist. Probably a spoofed
> >address.
> >I couldn't resolve a name in the address space. The mail came from an
> >unnamed mail server; not sure how that is possible. Also this doesn't
> >look like an html e-mail. It looks like a M$ virus file. Note the
> >multipart/alternative format. Very common attack method. Although it
> >could be some binary file like realplayer or something (still, I doubt
> >it).
> >
> >Brian
> >
> >>-----Original Message-----
> >>From: hanasaki [mailto:hanasaki at hanaden.com]
> >>Sent: Sunday, March 31, 2002 8:29 AM
> >>To: KCLUG (E-mail)
> >>Subject: Question on email virus in Outlook Express
> >>
> >>
> >>The below showed up in my email logs the other day. Could someone
> >>please help? Is this a known virus? What is it?
> >>
> >>==========================================
> >>2002-03-29 01:51:15 16qrAG-0001bN-00 rejected from (hawk.chinabyte.com)
> >>[211.167.73.209]: there is no valid sender in any header line
> >>(envelope sender is <nobody2 at chinabyte.com>)
> >>Recipients: hanasaki at hanaden.com
> >>P Received: from [211.167.73.209] (helo=hawk.chinabyte.com)
> >> by portal with smtp (Exim 3.33 #3 (Debian))
> >> id 16qrAG-0001bN-00
> >> for <hanasaki at hanaden.com>; Fri, 29 Mar 2002 01:51:12 -0600
> >>P Received: (qmail 3867 invoked from network); 29 Mar 2002
> >>05:48:51 -0000
> >>P Received: from unknown (HELO ??????) (211.158.14.81)
> >> by 0 with SMTP; 29 Mar 2002 05:48:51 -0000
> >>R Reply-To: "<C3><B4><C3><B4><C3><DB>"<<C3><B4><C3><B4><C3><DB>>
> >>F From: "<C3><B4><C3><B4><C3><DB>"<<C3><B4><C3><B4><C3><DB>>
> >>T To: han at 263.net
> >> Subject:
> >><B6><D4>263<C3><E2><B7><D1><D3><CA><BC><FE><B2><BB><D4><D9><D3><D0>
> >><B5><C4><B9><D8><D7><A2><A3><AC><CF><EB><D4><F5><C3><B4><D7><F6><BE><CD><D4><F5>
> >><C3><B4><D7><F6><A3><A1>
> >> Date: Fri,29 Mar 2002 13:35:57 +0800
> >>* Return-Path: "<C3><B4><C3><B4><C3><DB>"<<C3><B4><C3><B4><C3><DB>>
> >> X-Mailer: Microsoft Outlook Express
> >> Content-Type: multipart/related;
> >> boundary="----=_NextPart_000_0011_01C1D2D6.5DEEF420";
> >> type="multipart/alternative"
> >> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
> >>I Message-Id: <E16qrAG-0001bN-00 at portal>
> >>
> >>--
> >>= hanasaki at hanaden.com =
> >>= Spam : Unhealthy and High in Sodium and Cholesterol =
> >>
> >>
> >>
> >>majordomo at kclug.org
> >>