		Tech Zero
Up until now I thought Bagle was Swen and some versions of Netsky...
That Bagle ignored munged email addresses.
Well, that was proven false today with my first Bagle.K received on my
disposable Usenet alias:
************ Copy N Paste ************
Return-Path: <[email protected]>
Received: from BRENT ([209.248.59.154]) by priv-edtnes28.telusplanet.net
(InterMail vM.6.00.05.02 201-2115-109-103-20031105) with SMTP
id <20040408134606.PYN19080.priv-edtnes28.telusplanet.net@BRENT>
for <[email protected]>; Thu, 8 Apr 2004 07:46:06 -0600
Date: Thu, 08 Apr 2004 08:46:08 -0600
To: (e-mail address removed)
Subject: Important notify about your e-mail account.
From: (e-mail address removed)
Message-ID: <[email protected]>
X-Antivirus: AVG for E-mail 6.0.0 [419]
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary=--------atybgsijteqiwdgwcxvr
----------atybgsijteqiwdgwcxvr
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Dear user, the management of Dragonfur.ca mailing system wants to let you know that,
We warn you about some attacks on your e-mail account. Your computer may
contain viruses, in order to keep your computer and e-mail account safe,
please, follow the instructions.
Please, read the attach for further details.
The Management,
The Dragonfur.ca team http://www.dragonfur.ca
----------atybgsijteqiwdgwcxvr
Content-Type: text/plain; x-avg=cert; charset=iso-8859-2
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Content-Description: "AVG certification"
Viruses found in the attached files.
The attached file Document.pif: I-Worm/Bagle.K. The attachment was moved to the virus vault.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.654 / Virus Database: 419 - Release Date: 06/04/04
************ End of Paste ************
Of course the obviously fake "(e-mail address removed)" tipped me off,
mainly because *I'm the management* and know that the address doesn't
exist, so the email is a definite forgery (oh so typical). What was
different was the account it was sent to. Hell, up until now my public
account has been {virus of the week} free...
Oh... Does anyone know how to change AVG's EMC so it doesn't attach
verification notices to all received posts? It's tripping up my email
attachment filter on all my normally "Plain Text" subscriptions.
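
An added example, not part of the original post and not AVG's or the poster's own filter: one way a plain-text rule can tell the AVG certification part (the inline `text/plain` part marked `x-avg=cert` in the paste above) from a real attachment. The function names are hypothetical and the sample message is constructed from the quoted one, with placeholder addresses.

```python
from email import message_from_string

# Constructed sample modelled on the message quoted above; addresses are placeholders.
SAMPLE = """\
From: management@example.invalid
To: alias@example.invalid
Subject: Important notify about your e-mail account.
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary=--------atybgsijteqiwdgwcxvr

----------atybgsijteqiwdgwcxvr
Content-Type: text/plain; charset=us-ascii

Please, read the attach for further details.
----------atybgsijteqiwdgwcxvr
Content-Type: text/plain; x-avg=cert; charset=iso-8859-2
Content-Disposition: inline
Content-Description: "AVG certification"

Viruses found in the attached files.
----------atybgsijteqiwdgwcxvr--
"""

def is_scanner_notice(part):
    # Only an inline, unnamed text/plain part carrying x-avg=cert counts as a notice.
    # The marker is sender-controllable, so anything named or non-text stays an attachment.
    return (part.get_content_type() == "text/plain"
            and part.get_param("x-avg") == "cert"
            and part.get_filename() is None
            and part.get_content_disposition() != "attachment")

def classify(raw):
    """Sort leaf MIME parts into body, scanner notices and real attachments."""
    result = {"body": 0, "notices": 0, "attachments": []}
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        if is_scanner_notice(part):
            result["notices"] += 1
        elif (part.get_content_type() == "text/plain" and part.get_filename() is None
              and part.get_content_disposition() != "attachment" and result["body"] == 0):
            result["body"] = 1
        else:
            result["attachments"].append(part.get_filename() or part.get_content_type())
    return result

def is_plain_text(raw):
    # A message passes the plain-text rule when nothing but body and notices remains.
    return not classify(raw)["attachments"]

if __name__ == "__main__":
    print(classify(SAMPLE), is_plain_text(SAMPLE))
```

A part that carries the `x-avg=cert` marker but also a filename or an attachment disposition is still reported as an attachment, so the marker alone cannot be used to slip a file past the rule.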
				
