Latest Bagle varient spreads in password protected rar files
Jim Holland
mailscanner at MANGO.ZW
Sun Mar 14 09:47:17 GMT 2004
On Sun, 14 Mar 2004, Kevin Spicer wrote:
> http://www.sophos.co.uk/virusinfo/analyses/w32baglen.html
>
> Guess it was only a matter of time. Although it isn't mentioned on the
> Sophos page its been reported on the clam list that the virus can
> present the password as an image. I'm blocking rars right now (don't
> think we really have many people using them anyway)
I have received a password-protected zip file with password in an image.
See sample below - just like the earlier ones except for the use of the
image.
Regards
Jim Holland
System Administrator
MANGO - Zimbabwe's non-profit e-mail service
>From staff at mango.zw Sun Mar 14 11:42:14 2004
Date: Sun, 14 Mar 2004 09:25:41 +0200
From: staff at mango.zw
To: jholland @ mango.zw
Subject: Warning about your e-mail account.
Dear user of Mango.zw e-mail server gateway,
Your e-mail account has been temporary disabled because of unauthorized
access.
For details see the attach.
Archive password: [IMAGE]
The Management,
The Mango.zw team http://www.mango.zw
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bkiqsnfjyu.gif
Type: image/gif
Size: 1043 bytes
Desc:
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040314/9a6d7028/bkiqsnfjyu.gif
More information about the MailScanner
mailing list