From: <(>
Date: Fri Dec 7 23:09:13 2001

My brother has an address. I thought that was a
pretty nifty way of dealing with spam. ;-)



In <001b01c1790f$616a20a0$504d7ad5_at_phoenix>, on 11/29/01
   at 07:52 PM, "Philip Pemberton" <> said:

>Hi All,
> I've noticed that a few of you have been chatting about Badtrans -
>according to Symantec, if you drop the underscore from the "From:"
>address, you should end up with the user's actual e-mail address - if the
>virus chose to use the actual address...
> I've picked apart the message source and what it does is quite sneaky -
>it uses an IFRAME to load the virus and also uses
>MIME-headers-within-MIME-headers... A few of the regulars on
>alt.comp.virus might want to elaborate... It's a crafty little bugger -
>it even installs a keystroke logging trojan... Anyone remember the
>so-called "Sexyfun" or "Spirale" virus (its real name was Hybris) - it
>came in an e-mail from hahaha _at_ and could update itself over
>the web with new "plugins"... One of which displays a _huge_ hypnotic
>spiral on-screen... Sophos put a screenshot of it on their website


Jeffrey S. Worley
Asheville, NC USA
Received on Fri Dec 07 2001 - 23:09:13 GMT
