[SpamCop-List] Re: [OT] Beagle.J acting up again
N. Miller
tdy at blackhole.aosake.net
Sat Mar 6 16:45:38 EST 2004

In article <Xns94A45189E673Bhomesitehelp at 216.154.195.61>, nobody at spamcop.net
says...
> eddie (eddie at eddie.web) wrote in news:pan.2004.03.05.21.37.45.582000
> @eddie.web:
>
> > Why would anyone send an encoded zip along with the password?
> > Why would anyone open a zip that comes with its own password?
>
> Makes it look official, and personal. Very clever social engineering: your
> provider is sending you, personally, a "fix" (for whatever they say it is)
> and is even taking measures it gets to you securely.
>
> Apart from that, it evaded detection by AV products longer than other
> attachments did.
>
> No script kiddies here, professionals!

Oddly, the only Bagle I received (and it passed the ISP's scanner, and both
of mine!) was hardly convincing at all:

> Content-Type: text/plain; charset="us-ascii"
> Content-Transfer-Encoding: 7bit
>
> Argh, i don't like the plaintext :)
>
> password: 34615

That was it; except for the attachment. It was another day before NAV 2003
finally caught up, and found: "W32.Beagle at mm!zip".

--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint
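
An added example, not part of the original post or thread: a mail-gateway heuristic for the pattern discussed above, an encrypted zip attachment sent together with its password in the message body. The function names, the regular expression and the sample message are assumptions made for illustration; the sample zip is harmless and constructed inline.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Password announced in the body, e.g. "password: 34615" as in the post above.
PASSWORD_HINT = re.compile(r"\bpass(?:word)?\b\s*(?:is|:)\s*(\S{3,32})", re.I)

def encrypted_members(data):
    """Names of encrypted entries in a zip; [] if data is not a readable zip."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # Bit 0 of the general-purpose flag marks an encrypted entry; the
            # central directory stays readable, so no password is needed here.
            return [i.filename for i in zf.infolist() if i.flag_bits & 0x1]
    except zipfile.BadZipFile:
        return []

def flag_message(raw):
    """Report encrypted zip attachments and any password given in the body."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    hint = PASSWORD_HINT.search(body.get_content() if body is not None else "")
    findings = []
    for part in msg.iter_attachments():
        names = encrypted_members(part.get_payload(decode=True) or b"")
        if names:
            findings.append({"attachment": part.get_filename(),
                             "encrypted": names,
                             "password_in_body": hint.group(1) if hint else None})
    return findings

def build_sample(encrypted=True):
    """Constructed test message: harmless zip, body text taken from the post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("inner.txt", b"placeholder")
    data = bytearray(buf.getvalue())
    if encrypted:
        # Set the encryption flag by hand in the central directory record;
        # the payload itself is not encrypted, only marked as such.
        data[data.index(b"PK\x01\x02") + 8] |= 0x1
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("Argh, i don't like the plaintext :)\n\npassword: 34615\n")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="sample.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(flag_message(build_sample()))
```

A finding with a non-empty "password_in_body" is the combination the thread describes; a gateway could quarantine such mail instead of relying on a signature for the archive contents.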