Badtrans

From: UberTechnoid_at_home.com <(UberTechnoid_at_home.com)>
Date: Fri Dec 7 23:09:13 2001

My brother has an xxxxx-devnull_at_xxxx.com address. I thought that was a
pretty nifty way of dealing with spam. ;-)

Regards,

Jeff

In <001b01c1790f$616a20a0$504d7ad5_at_phoenix>, on 11/29/01
   at 07:52 PM, "Philip Pemberton" <philpem_at_bigfoot.com> said:

>Hi All,
> I've noticed that a few of you have been chatting about Badtrans -
>according to Symantec, if you drop the underscore from the "From:"
>address, you should end up with the user's actual e-mail address - if the
>virus chose to use the actual address...
> I've picked apart the message source and what it does is quite sneaky -
>it uses an IFRAME to load the virus and also uses
>MIME-headers-within-MIME-headers... A few of the regulars on
>alt.comp.virus might want to elaborate... It's a crafty little bugger -
>it even installs a keystroke logging trojan... Anyone remember the
>so-called "Sexyfun" or "Spirale" virus (its real name was Hybris) - it
>came in an e-mail from hahaha _at_ sexyfun.net and could update itself over
>the web with new "plugins"... One of which displays a _huge_ hypnotic
>spiral on-screen... Sophos put a screenshot of it on their website
>(www.sophos.com).

>Later.
>--
>Phil.
>philpem_at_bigfoot.com
>http://www.philpem.f9.co.uk/


-- 
-----------------------------------------------------------
Jeffrey S. Worley
Asheville, NC USA
828-6984887
UberTechnoid_at_Home.com
-----------------------------------------------------------
Received on Fri Dec 07 2001 - 23:09:13 GMT
