Hi,
I've just gotten this spam, which contains the attachement
"eurocalculator.exe". Since I don't have any windows machines
around and know better than to execute random scripts I get,
I've limited myself to running strings on the file and I got
the following (and more):
--> Version: Back Orifice 2000 (BO2K) v%1.1u.%1.1u
...
Rebooting now.
Reboot attempt failed.
Locking up machine
...
%.100s [%.100s] (%.260s) "%.100s" RO passwd:%.100s RW passwd:%.100s %s%s%s%s
and a bit further along the file a whole bunch of HTML crap
(is this standard BO2K or a custom thing for this one??):
<head><title>Network Neighborhood</title></head>
....
I also found a whole bunch of SMTP related strings, but maybe
those are BO2K related too.
-------------------------
In short, it seems that somebody is doing yet another attempt
at spreading BO2K through email ... possibly with the script
spreading itself, but I've only done a quick view of the file
and haven't looked at it in any detail ;)
regards,
Rik
--
"What you're running that piece of shit Gnome?!?!"
-- Miguel de Icaza, UKUUG 2000
http://www.conectiva.com/ http://www.surriel.com/
---------- Forwarded message ----------
Date: Tue, 03 Oct 2000 17:15:15 GMT
From: Euro bank <euro_bank_at_hotmail.com>
To: aephe_at_hotmail.com
Subject: Free eurocalculator!!!
You got a free eurocalculator send to you by Euro_bank
An introduction to the Euro!
Enjoy!!
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Share information about yourself, create your own public profile at
http://profiles.msn.com.
Received on Oct 04 2000
Intro
