[iwar] [fc:New.email.worm]

From: Fred Cohen (fc@all.net)
Date: 2001-10-17 18:24:38



We have observed a new email worm in the wild of unknown virulence, just
wanted to get the word out ASAP.  We're calling it "DarkMachine" after the
nicknames of the discoverers here at SecureWorks.

The worm arrives as a .exe attachment with varying names.  The subject
line also varies, but the body of the message stays the same:

======

heh. I tell ya this is nuts ! You gotta check it out !

======

Subject lines observed so far include:

======
Kev Gives great orgasms to ladeez!! -- Kev
I don't want to write anything but Si is bullying me. -- Jim
Scientists have found traces of the HIV virus in cow's milk...here is the proof -- Will
A new type of Lager / Weed variant...... sorted !
I want to live in a wooden house -- Arwel
======

The names in the subject lines may or may not be related to the name
of the person sending the email.

The .exe attachment names vary, but the list of ones that we have seen so
far is:

=====
Common.exe
Rede.exe
UserConf.exe
Si.exe
=====

------------------
http://all.net/ 
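
Added example, not part of the original post or of the advisory it forwards: a mail-filter check built on the one stable trait reported above (the constant body text) combined with any .exe attachment, since subject lines and file names vary. The function names, verdict labels and sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators from the advisory: the body text is constant, while the
# subject line and attachment name change from message to message.
WORM_BODY = "heh. I tell ya this is nuts ! You gotta check it out !"
SEEN_NAMES = {"common.exe", "rede.exe", "userconf.exe", "si.exe"}

def _norm(text):
    """Collapse whitespace and case so re-wrapped copies still match."""
    return " ".join(text.split()).lower()

def classify(raw_bytes):
    """Return (verdict, reasons) for one raw RFC 822 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    body_hit, exe_names = False, []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").strip().lower()
        if name.endswith(".exe"):
            exe_names.append(name)
        elif part.get_content_type() == "text/plain":
            body_hit |= _norm(WORM_BODY) in _norm(part.get_content())
    checks = (("body", body_hit),
              ("exe-attachment", bool(exe_names)),
              ("known-name", bool(SEEN_NAMES & set(exe_names))))
    reasons = [tag for tag, hit in checks if hit]
    # Body text plus any executable is the reported pattern; a single
    # indicator alone (e.g. a mail quoting the advisory) goes to review.
    if body_hit and exe_names:
        return "quarantine", reasons
    return ("review" if reasons else "pass"), reasons

def build_sample(subject, body, attachment=None):
    """Build a constructed test message (hypothetical addresses)."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.test", "user@example.test"
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed placeholder, not an executable",
                         maintype="application", subtype="octet-stream",
                         filename=attachment)
    return m.as_bytes()
```

Matching on the body text and the attachment type rather than on the four listed file names keeps the check useful when a copy arrives under a name not yet observed.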
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:55 PST