List: General Discussion
From: massey
Date: July 13 2001 7:54pm
Subject: RE: Bounces from rtmglobal.com

UPDATE --- The YOU_are_FAT!.TXT.pif is a VIRUS!

The W95/MTX@M Virus to be exact.
See this
Update - September 19, 2000:
McAfee AVERT has raised the ARA for this virus from Low to Medium based on customer
samples received to date. 

Removal of this virus requires 4095 DAT files. This virus was discovered by McAfee AVERT
Aug 23, 2000. 

This is a 32bit PE file infector for Windows 9x/NT systems. This virus modifies
WSOCK32.DLL in an effort to hook SMTP traffic as an attachment. This virus searches for
available shares through Network Neighborhood in an effort to transfer to host systems. 

W32/MTX@MM is a combination of a Virus, Worm and Backdoor. 

-Worm/Backdoor part: As it has mailing capabilities users may receive an e-mail with a
file attachment, the name of the attachment is variable, but it may be like:
I_am_sorry_doc.pif, or zipped_files.exe etc. Regardless of the deceiving filename and
extension, the attached file as such is in fact a 32 bit "pe" file. (Portable Executable
file, common on win9x/winNT).

-Virus part: the virus also modified 32 bit pe files, like .EXE and .DLL, in the windows
folder. It might search local mapped drives for target files. 

When this virus sends itself via email, it could be one of the following file names,
randomly picked (note that some of these filenames are also associated with other
threats, such as W32/Badtrans@MM): 


Soooo I think a variable of this got into their E-mail Server.

Cheers

M;-)

-----Original Message-----
FROM: Don Read
TO: Chris Bolt
CC: mysql@stripped
DATE: Fri 7/13/01 9:48
SUBJECT: RE: Bounces from rtmglobal.com


On 13-Jul-01 Chris Bolt wrote:
> Am I the only one getting these? Someone really needs to fix their mail
> server...
> 

It looks like the usual start-up bugs for somebody's spam-bot.
I got 64 no-valid-command bounces to MySQL messages since June 22nd;

And guess what followed shortly afterward:
   spamage from 'netlinux.com' YOU_are_FAT!.TXT.pif (WTF is a pif ?).

Time to tweak the plonk-file boys & girls ...

-- 
Don Read                                       dread@stripped
-- It's always darkest before the dawn. So if you are going to 
   steal the neighbor's newspaper, that's the time to do it.
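
Added example (not part of the original e-mails or of the McAfee text quoted in them): the advisory's point that an attachment such as YOU_are_FAT!.TXT.pif is a 32-bit PE file regardless of its name can be checked at a mail gateway by reading the file headers instead of trusting the extension. The function names, the extension list and the constructed header stub are assumptions made for illustration.

```python
import struct
from pathlib import PurePath

# Assumed blocklist for this example; Windows runs all of these as programs.
EXEC_EXTS = {".pif", ".exe", ".scr", ".com", ".bat"}

def pe_kind(data: bytes):
    """Return 'PE32', 'PE32+' or None from the file headers alone."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of PE header
    if e_lfanew + 26 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # Optional-header magic sits after the 4-byte signature + 20-byte COFF header.
    (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)
    return {0x10B: "PE32", 0x20B: "PE32+"}.get(magic)

def triage(filename: str, data: bytes) -> dict:
    """Judge an attachment by name and by content, independently."""
    suffixes = [s.lower() for s in PurePath(filename).suffixes]
    exec_ext = bool(suffixes) and suffixes[-1] in EXEC_EXTS
    kind = pe_kind(data)
    return {
        "exec_extension": exec_ext,
        "double_extension": exec_ext and len(suffixes) >= 2,
        "pe_kind": kind,
        "block": exec_ext or kind is not None,
    }

def sample_pe(magic: int = 0x10B) -> bytes:
    """Constructed 90-byte header stub (not a real sample, not runnable)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)
    return bytes(dos) + b"PE\0\0" + coff + struct.pack("<H", magic)

if __name__ == "__main__":
    for name, body in [("YOU_are_FAT!.TXT.pif", sample_pe()),
                       ("notes.txt", sample_pe()),   # PE hidden behind a benign name
                       ("notes.txt", b"plain text")]:
        print(name, triage(name, body))
```

The content check and the name check are kept separate so that a PE file renamed to a harmless-looking extension is still caught.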
