[ale] What's with this "RotatE()" message?

[Irv Mullins]

On Friday 16 August 2002 11:49 pm, you wrote:
> Klez.  It spoofs both the sender and to addresses from Outlook address
> books.  As I understand it, it should have two attachments.  One is the
> virus infected file and the other is a random file picked up off the
> infected computer.  Scarry huh?  Never know where that Quicken checkbook
> file might end up these days...

Yep. I get 2 or 3 every day. I always use khexedit to view the attachments,
which are sometimes interesting.  I've gotten one rather longish report 
from the CEO of a major corporation, marked "CONFIDENTIAL".:)

If you look into the first attachment, you'll find that regardless of its 
filename or extension, it is actually a Visual C program which is a mail 
client.  Their are enough "CONNECT"  strings inside to make it clear what it 
is trying to do. Since it requires Windows to run (says so right in the code) 
you have little to worry about.  Just keep running Linux.

But there's no use trying to contact the sender, that address is forged, as 
is the reply-to address.  Tracking down the real sender isn't easy.

Irv

> Jeff Hubbs wrote:
> > I just got a big e-mail with attachment - subject of "RotatE()".  I've
> > never heard of the sending address.  Header is as follows.  What is
> > this??
> >
> > The only thing that really tells me anything is where it says
> > "Content-Type: audio/x-midi".
> >
> > Evolution just shows the message as blank.
> >
> > - Jeff


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.