Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

MS Lookout Express virus - subject "yearend total"

  • 09-08-2001 8:17am
    #1
    Trojan
    Registered Users, Registered Users 2 Posts: 16,414 ✭✭✭✭


    Hey guys,

    sorry if this has done the rounds already but I just got 8 of them from the krb mailing list
    <font face="Verdana, Arial" size="2">

    Date: Wed, 08 Aug 2001 21:37:32 -0500
    From: Adam Thompson <xxx@xxx.xxx>
    Subject: yearend total
    To: kerberos@MIT.EDU
    Message-id: <0GHS00D934SJBS@chimmx02.algx.net>
    MIME-version: 1.0
    X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
    X-Mailer: Microsoft Outlook Express 5.50.4133.2400
    Content-type: multipart/mixed; boundary="Boundary_(ID_M5QFbh6aP0L+WCdSZlOxCQ)"
    Content-Length: 349429

    Hi! How are you?

    I send you this file in order to have your advice

    See you later. Thanks

    </font>

    2 files attached: NoName (0 bytes) and "yearend total.xls.com"

    In each of the emails the suffix was either .xls.com, .xls.bat, or .xls.pif
    <font face="Verdana, Arial" size="2">
    From: SMTP_NY01/USA/DDS@donovandata.com
    X-Priority: 3 (Normal)
    Date: Thu, 9 Aug 2001 03:44:48 -0400
    Subject: Report to Recipient(s)
    To: kerberos@MIT.EDU
    X-MIMETrack: Serialize by Router on SMTP_NY01/USA/DDS(Release 5.0.7 |March 21, 2001) at 08/09/2001 03:45:19 AM

    Incident Information:-

    Originator: Adam Thompson <xxx@xxx.xxx>
    Recipients: kerberos@MIT.EDU
    Subject: yearend total

    WARNING: The file yearend total.xls.pif you received was infected with the
    W32/SirCam@MM virus. The file attachment was not successfully cleaned.

    </font>

    Al.

    🎙️ The Recognized Authority Podcast



Comments

  • #2
    PhilipMarlowe
    Subscribers Posts: 4,419 ✭✭✭PhilipMarlowe


    Its not necessarily always that same subject... afaik the subject is the same as the attachment which is taken from the infected persons computer - so it has the appearance of a genuine email...ish
    I've taken in a few of them from customers and I've replied to them with a link to a removal tool...
    http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.removal.tool.html

    ...or something™


  • #3
    Trojan
    Registered Users, Registered Users 2 Posts: 16,414 ✭✭✭✭Trojan


    Yeah we got another one, this time to an internal mailing list!? but the subject was "Simon Sociology essay" or something.

    Cheers for the link. Luckily this is not a winblows shop smile.gif

    Al.

    🎙️ The Recognized Authority Podcast



Advertisement