wierd e mail
Thread Starter
Joined: Feb 2002
Posts: 747
Likes: 22
From: (LFA 7a)
wierd e mail
Im now getting e mail which is made up of what looks like dozens of random words.
Anyone any idea what this is all about?
There are no attachments, but there seems little point in these.
Anyone any idea what this is all about?
There are no attachments, but there seems little point in these.
The Oracle
Joined: Aug 2001
Posts: 2,902
Likes: 0
From: Naples, Florida U.S.A.
jimgriff,
Those are random words and it is sent out from an infected computer.
From some of the Trojan Payload Descriptions:
From some of the Worm Payload Descriptions:
There are many more.
Take Care,
Richard
Those are random words and it is sent out from an infected computer.
From some of the Trojan Payload Descriptions:
This Trojan program enables its user to send anonymous emails. It can also check if a specific mail server is running or not, choose a random mail server, and then sends an email. If its user attempts to use a blank message body, it inserts random words before it sends out the emails.
The worm produced has used variables with random words composed of 10 characters.
The generator has the following characteristics:
User can set the registry name used to reload the Trojan during boot-up.
User can decide if a worm that uses MS Outlook for propagation can send it an attachment of an embedded script.
The subject title and the content of the email can also be modified. The worm may also be set to infect files such as VBS and VBE by overwriting its original code.
User may choose one of four methods of payload and the trigger date can be set on any date between January 1 to December 31.
Methods of payload:
The generator has the following characteristics:
User can set the registry name used to reload the Trojan during boot-up.
User can decide if a worm that uses MS Outlook for propagation can send it an attachment of an embedded script.
The subject title and the content of the email can also be modified. The worm may also be set to infect files such as VBS and VBE by overwriting its original code.
User may choose one of four methods of payload and the trigger date can be set on any date between January 1 to December 31.
Methods of payload:
- A message box with desired text.
- An Internet browser can be launched and set to open any URL.
- Two modes of crashing the system
Take Care,
Richard
Per Ardua ad Astraeus
Joined: Mar 2000
Posts: 18,575
Likes: 4
From: UK
As there are no atatchments am I to assume that I am not infected
Last edited by BOAC; 14th April 2004 at 19:22.
Joined: Sep 2002
Posts: 778
Likes: 0
From: London, UK
They might not be coming from an infected computer, or indeed be virus-related at all. Many spammers put random words in their emails, sometimes seemingly filling them with random words which may or may not make any sense. The purpose of this is to defeat spam filters, which analyze the text for the ratios of certain words to other text and various other lexical analysis techniques.
Joined: Mar 2000
Posts: 1,337
Likes: 1
From: Sunrise Senior Living
Richard and BOAC are dead right!
I have Norton Antivirus running all the time with Auto update which runs almost daily in these infectious times, but still regularly run the Trend Micro Housecall as recommended. A Norton full scan yesterday revealed nothing untoward but the Housecall picked up something called JS PETCH.A which I had no idea was there. Good system. Thanks Richard.
Cheers,
mcdhu
PS Didn't think much of your weather last Sunday/Monday Richard!
I have Norton Antivirus running all the time with Auto update which runs almost daily in these infectious times, but still regularly run the Trend Micro Housecall as recommended. A Norton full scan yesterday revealed nothing untoward but the Housecall picked up something called JS PETCH.A which I had no idea was there. Good system. Thanks Richard.
Cheers,
mcdhu
PS Didn't think much of your weather last Sunday/Monday Richard!
