New "my party" worm -- uuencoded

From: D. J. Hagberg (
Date: Mon 28 Jan 2002 - 19:37:51 UTC

  • Next message: Bjarni R. Einarsson: "Re: New "my party" worm -- uuencoded"

    Does Anomy have any facilities to quarantine the new "my party" worm?
    That worm uses a vector that's new to me -- uuencoded file in the body of
    the message, not as a separate MIME part. Kinda like we used to use to
    send files around circa 1992 or so...

     From: "Some bozo Running Outlook [CONTRACTOR]" <>
     Subject: new photos from my party!
            My party... It was absolutely amazing!
            I have attached my web page with new photos!
            If you can please make color prints of my photos. Thanks!
            begin 666

    and so forth. Outlook, Eudora, and even Netscape 6 all show this as an
    attachment even though it isn't one, technically. Because it has the .com
    extension, users that double-click this attachment are asked if they want
    to execute it. And some bozos click Yes...

    Any suggestions appreciated.

                            -=- D. J.

    hosted by