[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] Getting Mail Bombed!

Subject: RE: [cobalt-users] Getting Mail Bombed!
From: "Phil Beynon" <Infolink@xxxxxxxxxxxxxxx>
Date: Sun Jul 22 20:51:11 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

Hi all,

Hopefully this is the definitive reason you are getting mailbombed, maybe
I'm the only person on here on the McAfee virus warnings list - who knows,
looks like I'm the only one who read it though - would have cross posted it
earlier but was having a busy weekend!
It should be possible to dump anything that contains the body content(s)
that this virus uses by setting up a filter for that.
On another note, any decent mailbomb app will randomise pretty much
anything, subject, body text, size of body, senders application and other
key factors since they are designed to be as hard as possible to trace back
to source.

Phil

------------------------------------------------------------
     **VIRUS ALERT - W32/SirCam@MM (Sir Cam Virus)**
------------------------------------------------------------

McAfee.com has seen a large and growing number of consumer
computers infected with W32/SirCam@MM.  This is a HIGH RISK
VIRUS FOR CONSUMERS. The infected email can come from
addresses that you recognize. Attached is a file with two
different extensions. The file name itself varies.

The email message can appear as follows:

Subject: [filename (random)]
Body: [content varies]


Hi! How are you?
I send you this file in order to have your advice
or I hope you can help me with this file that I send
or I hope you like the file that I sendo you
or This is the file with the information that you ask for
See you later. Thanks

--- the same message may be received in Spanish ---

Hola como estas ?
Te mando este archivo para que me des tu punto de vista
or Espero me puedas ayudar con el archivo que te mando
or Espero te guste este archivo que te mando
or Este es el archivo con la información que me pediste
Nos vemos pronto, gracias.

The virus searches for .GIF, .JPG, .JPEG, .MPEG, .MOV, .MPG,
.PDF, .PNG, .PS, and .ZIP files in the MY DOCUMENTS folder
and attempts to send copies of these documents to email
recipients found in the Windows Address Book and addresses
found in cached files.

For detection and removal instructions for the Sir Cam Virus,
click here.
-> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=2371

Retail VirusScan Users:
Version 4.0.70 and above with DAT file 4148 will detect and
remove this virus.  To download the latest DAT files,
click here.
-> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=2253

Find out more about this virus. Click here to go to the
W32/SirCam@mm Help Center.
-> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=2371

Follow-Ups:
- Re: [cobalt-users] Getting Mail Bombed!
  - From: Scott Phillips
- RE: [cobalt-users] Getting Mail Bombed!
  - From: Colin J. Raven

References:
- Re: [cobalt-users] Getting Mail Bombed!
  - From: Carrie Bartkowiak

Prev by Date: Re: [cobalt-users] Two Domains, Two Emails, same site
Next by Date: [cobalt-users] imap vs pop3
Previous by thread: Re: [cobalt-users] Getting Mail Bombed!
Next by thread: Re: [cobalt-users] Getting Mail Bombed!

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index