[SpamCop-List] Re: [OT] Beagle.J acting up again
tdy at blackhole.aosake.net
Sat Mar 6 16:45:38 EST 2004
In article <Xns94A45189E673Bhomesitehelp at 188.8.131.52>, nobody at spamcop.net
> eddie (eddie at eddie.web) wrote in news:pan.2004.03.05.21.37.45.582000
> > Why would anyone send an encoded zip along with the password?
> > Why would anyone open a zip that comes with its own password?
> Makes it look official, and personal. Very clever social engineering: your
> provider is sending you, personally, a "fix" (for whatever they say it is)
> and is even taking measures it gets to you securely.
> Apart from that, it evaded detection by AV products longer than other
> attachments did.
> No script kiddies here, professionals!
Oddly, the only Bagle I received (and it passed the ISP's scanner, and both
of mine!) was hardly convincing at all:
> Content-Type: text/plain; charset="us-ascii"
> Content-Transfer-Encoding: 7bit
> Argh, i don't like the plaintext :)
> password: 34615
That was it; except for the attachment. It was another day before NAV 2003
finally caught up, and found: "W32.Beagle at mm!zip".
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint
More information about the SpamCop-List