wierd e mail

Closed Thread Subscribe

Thread Tools

Search this Thread

14th Apr 2004, 16:40

#1 (permalink)

jimgriff

Thread Starter

Join Date: Feb 2002

Location: (LFA 7a)

Age: 64

Posts: 738

Likes: 33

Received 9 Likes on 5 Posts

wierd e mail

Im now getting e mail which is made up of what looks like dozens of random words.

Anyone any idea what this is all about?
There are no attachments, but there seems little point in these.

14th Apr 2004, 17:03

#2 (permalink)

Naples Air Center, Inc.

The Oracle

Join Date: Aug 2001

Location: Naples, Florida U.S.A.

Posts: 2,902

Likes: 0

Received 0 Likes on 0 Posts

jimgriff,

Those are random words and it is sent out from an infected computer.

From some of the Trojan Payload Descriptions:

Quote:

This Trojan program enables its user to send anonymous emails. It can also check if a specific mail server is running or not, choose a random mail server, and then sends an email. If its user attempts to use a blank message body, it inserts random words before it sends out the emails.

From some of the Worm Payload Descriptions:

Quote:

The worm produced has used variables with random words composed of 10 characters.

The generator has the following characteristics:

User can set the registry name used to reload the Trojan during boot-up.
User can decide if a worm that uses MS Outlook for propagation can send it an attachment of an embedded script.
The subject title and the content of the email can also be modified. The worm may also be set to infect files such as VBS and VBE by overwriting its original code.

User may choose one of four methods of payload and the trigger date can be set on any date between January 1 to December 31.

Methods of payload:

A message box with desired text.
An Internet browser can be launched and set to open any URL.
Two modes of crashing the system

The Trojan also employs a scheme to protect itself by implementing a procedure to reproduce itself whenever the worm is deleted. Also, the code of the worm can be encrypted so that altering it is harder.

There are many more.

Take Care,

Richard

14th Apr 2004, 18:37

#3 (permalink)

jimgriff

Thread Starter

Join Date: Feb 2002

Location: (LFA 7a)

Age: 64

Posts: 738

Likes: 33

Received 9 Likes on 5 Posts

Ah Ha!!
The plot thickens.
As there are no atatchments am I to assume that I am not infected?
I have NIV 2004 (up to date with updates) running at all times.

14th Apr 2004, 18:47

#4 (permalink)

BOAC

Per Ardua ad Astraeus

Join Date: Mar 2000

Location: UK

Posts: 18,579

Likes: 0

Received 0 Likes on 0 Posts

Quote:

As there are no atatchments am I to assume that I am not infected

Jim - as NAC has said many times, visit 'House Call' at Trend to calm your fears (or scare the pants off ya!) to check your system is 'clean'

Last edited by BOAC; 14th Apr 2004 at 19:22.

14th Apr 2004, 19:42

#5 (permalink)

drauk

Join Date: Sep 2002

Location: London, UK

Posts: 778

Likes: 0

Received 0 Likes on 0 Posts

They might not be coming from an infected computer, or indeed be virus-related at all. Many spammers put random words in their emails, sometimes seemingly filling them with random words which may or may not make any sense. The purpose of this is to defeat spam filters, which analyze the text for the ratios of certain words to other text and various other lexical analysis techniques.

15th Apr 2004, 21:51

#6 (permalink)

mcdhu

Join Date: Mar 2000

Location: Sunrise Senior Living

Posts: 1,338

Likes: 0

Received 0 Likes on 0 Posts

Richard and BOAC are dead right!

I have Norton Antivirus running all the time with Auto update which runs almost daily in these infectious times, but still regularly run the Trend Micro Housecall as recommended. A Norton full scan yesterday revealed nothing untoward but the Housecall picked up something called JS PETCH.A which I had no idea was there. Good system. Thanks Richard.

Cheers,
mcdhu

PS Didn't think much of your weather last Sunday/Monday Richard!