07.11.05

An Old Virus But Still Nasty

Posted in Security at 11:58 am by Lisa Spangenberg

I’ve finally seen my first potentially believable e-mail Trojan. This is one that’s been around a long time; I’ve just never received this particular e-mail before. The payload is a .zip file containing W32.Netsky.P@mm. According to the Symantec Security Response site, this variant has been known about since March of 2004. It’s one of those worms that ships with a handful of pre-written e-mail templates, and that’s the part that makes this one so insidious.

The body of the e-mail reads:

The sample file you sent contains a new virus version of buppa.k.
Please update your virus scanner with the attached dat file.

Best Regards,
Keria Reynolds

++++ Attachment: No Virus found
++++ F-Secure AntiVirus - www.f-secure.com

The attachment, the actual viral payload, is named “datfiles.zip.”

Both the From and the Reply-To headers look, to the naive eye, as if this came from support@symantec.com, though of course it didn’t. For one thing, there’s not as much data as you’d expect in the headers (no IP numbers at all), and for another, Symantec never updates its users via an e-mail attachment. The other oddity, of course, is that at the bottom of the e-mail you’ve got that “F-Secure” stamp of approval, and I’m pretty sure Symantec doesn’t use a competitor’s products on Symantec’s servers.

But I bet a lot of users would take the e-mail at face value, and click away. I note that a Google search for “Keria Reynolds” results in a number of sites pointing out the problems of taking this virus spam at face value.
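As an added illustration (not from the original post), here is a small Python check that parses a constructed message modelled on the one described above and flags the three oddities the post points out: a claimed symantec.com sender with no Received trail carrying IP addresses, a .zip attachment passed off as an update, and a rival vendor’s scan stamp. The SAMPLE message is constructed, not a real capture.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample modelled on the message described in the post (not a real capture).
SAMPLE = """\
From: support@symantec.com
Reply-To: support@symantec.com
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

The sample file you sent contains a new virus version of buppa.k.
Please update your virus scanner with the attached dat file.

++++ Attachment: No Virus found
++++ F-Secure AntiVirus - www.f-secure.com
--b1
Content-Type: application/zip; name="datfiles.zip"
Content-Disposition: attachment; filename="datfiles.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--b1--
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def suspicious_indicators(raw: str) -> list:
    """Return the red flags the post calls out for a vendor-impersonation mail."""
    msg = message_from_string(raw, policy=default)
    flags = []
    sender = (msg["From"] or "").lower()
    # A "vendor" sender with no Received: trail carrying IP addresses is odd.
    received = "\n".join(str(h) for h in msg.get_all("Received", []))
    if "symantec.com" in sender and not IPV4.search(received):
        flags.append("claims symantec.com sender but no Received headers with IP addresses")
    # AV vendors do not push signature updates as zip attachments.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip"):
            flags.append("zip attachment %r presented as an AV update" % name)
    # A scan stamp from one vendor on mail claiming to be from another vendor.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    if "no virus found" in text and "f-secure" in text and "symantec.com" in sender:
        flags.append("F-Secure scan stamp on mail claiming to be from Symantec")
    return flags
```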

07.04.05

Unix Frivolities and LOTR

Posted in Silly, The Unix Command Line at 12:46 pm by Lisa Spangenberg

  1. Open the Terminal in Mac OS X (Applications / Utilities).
  2. Type

     cat /usr/share/calendar/calendar.history | grep "LOTR"

  3. You should see a list, in month and day order, of events in Tolkien’s The Hobbit and Lord of the Rings. For instance, September 14 is the birthday of both Bilbo and Frodo.

This particular Stupid Terminal Trick is not unique to OS X; it’s part of OS X’s heritage from BSD Unix, and goes back to earlier days.