l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
October 7: Social gathering
Next Installfest:
TBD
Latest News:
Aug. 18: Discounts to "Velocity" in NY; come to tonight's "Photography" talk
Page last updated:
2004 Mar 03 10:31

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
RE: [vox-tech] Viruses
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [vox-tech] Viruses



The email I received didn't contain the [vox/vox-tech] signature.

> _______________________________________________
> vox-tech mailing list
> vox-tech@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech

I figured it was fake.

-Don

> -----Original Message-----
> From: vox-tech-admin@lists.lugod.org
> [mailto:vox-tech-admin@lists.lugod.org]On Behalf Of Rod Roark
> Sent: Wednesday, March 03, 2004 10:23 AM
> To: vox-tech@lists.lugod.org
> Subject: [vox-tech] Viruses
>
>
> On Wednesday 03 March 2004 10:06 am, Robert G. Scofield wrote:
> > On Wednesday 03 March 2004 09:43, Peter Jay Salzman wrote:
> > >
> > > ps- is there a new virus?  all of a sudden, starting from last night
> > > i've gotten a huge ton of emails that say things like:
> > >
> > >    Arggghh, I hate plaintext!
> > >
> > >    Here is your excel file.
> > >
> > >    I don't bite, weah!
> > >
> > >    Your file is attached.
> > >
> > > i normally don't see viruses because i filter based on executable
> > > strings in every win32 executable.  but these viruses seem to be
> > > carrying .zip and .pif payloads which are getting past my filter.
> >
> > I just got a message from "lugod@livepenguin.com" with an
> apparent zip file
> > attached.  Here's what it says:
> >
> > "Looking  forward for  a response :P
> >  
> > password: 17468
> > AttachedFile.zip"
> >
> > Does anyone know what this is all about?
>
> "From" headers in virus emails are almost always forged.
> If you think it really came from the list, send me all the
> headers from the message (do not include the payload or
> your message will most likely be rejected).
>
> I've noticed a whole bunch of unique zip files in these
> messages recently.  For anyone interested, here is my
> current list of Postfix body checks, which is growing daily:
>
> /^TV[nopqr]....[AB]..A.A....*AAAA...*AAAA/ REJECT Microsoft
> executable attachments are not allowed here.
> /^M35[GHIJK].`..`..*````/                  REJECT Microsoft
> executable attachments are not allowed here.
> /^UEsDBAoAAAAAA.....DKJx\+eAFgAAABYAA/ REJECT Attached zip file
> is a virus (1).
> /^UEsDBAoAAAAAA.....CwFOBrAlgAAAJYAA/  REJECT Attached zip file
> is a virus (2).
> /^UEsDBAoAAAAAA.....BdbrAiAFYAAABWAA/  REJECT Attached zip file
> is a virus (3).
> /^UEsDBAoAAAAAA.....BkjKgF7YcAAO2HAA/  REJECT Attached zip file
> is a virus (4).
> /^UEsDBAoAAAAAA.....D72n6\/7YcAAO2HAA/ REJECT Attached zip file
> is a virus (5).
> /^UEsDBAoAAAAAA.....CqcvrHAVYAAAFWAA/  REJECT Attached zip file
> is a virus (6).
> /^UEsDBAoAAAAAA.....BMC61l7YcAAO2HAA/  REJECT Attached zip file
> is a virus (7).
> /^UEsDBAoAAAAAA.....BKH8ydAD4AAAA\+AA/ REJECT Attached zip file
> is a virus (8).
> /^UEsDBAoAAAAAA.....BiZMYWCWMAAAljAA/  REJECT Attached zip file
> is a virus (9).
> /^UEsDBAoAAQAAA.....B7DBL7KlIAAB5SAA/  REJECT Attached zip file
> is a virus (10).
> /^UEsDBAoAAAAAA.....DcIq\+BCIcAAAiHAA/ REJECT Attached zip file
> is a virus (11).
> /^UEsDBAoAAAAAA.....BXRG0y8ocAAPKHAA/  REJECT Attached zip file
> is a virus (12).
> /^UEsDBAoAAAAAA.....CBoWs\/7YcAAO2HAA/ REJECT Attached zip file
> is a virus (13).
> /^UEsDBAoAAQAAA.....BVpTuMtFAAAKhQAA/  REJECT Attached zip file
> is a virus (14).
> /^UEsDBAoAAAAAA.....B78bObV0IAAFdCAA/  REJECT Attached zip file
> is a virus (15).
> /^UEsDBAoAAAAAA.....AedXfJCIcAAAiHAA/  REJECT Attached zip file
> is a virus (16).
> /^UEsDBAoAAQAAA.....CRGduw\/VQAAPFUAA/ REJECT Attached zip file
> is a virus (17).
> /^UEsDBAoAAAAAA.....DpTnai4UYAAOFGAA/  REJECT Attached zip file
> is a virus (18).
>
> -- Rod
> _______________________________________________
> vox-tech mailing list
> vox-tech@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech
>
>


_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
EDGE Tech Corp.
For donating some give-aways for our meetings.