Subject: FW: Virus alert! - Your details
Please note - the file did come through - than God, no attachment.
I'd just like to make a personal note that this is the 4th bloody virus
Cheers,
Louise Erasmus
-----Original Message-----
-----Original Message-----
Dear Ricardo,
A new variant of W32/Sobig, W32/Sobig.f@MM is a High Risk mass-mailing
Note: The worm copies itself onto the infected machine as:
Caution: An infected email can come from addresses you recognize and may
WHAT TO LOOK FOR:
Body: [content varies]
Attachment: [content varies]
From: Erasmus L
Date: Wed Aug 20 2003 - 08:58:16 CEST
in three days!
Residential address:
Biocomplexity Research Group
Department of Zoology
University of Stellenbosch
Stellenbosch
7602
South Africa
Tel. + 27 - 21 - 808 2604
Affiliation address:
Conservation Planning Unit
Department of Zoology and Entomology
University of Pretoria
Pretoria
0002
South Africa
Tel. +27 - 12 - 420 4048
e-mail: lerasmus@zoology.up.ac.za
Please use the residential address
From: Willems Lydia <lwillems@sun.ac.za>
Sent: 20 August 2003 08:32 AM
To: Alblas A <aa2@sun.ac.za>; Cherry M I (E-mail); Chown SL
<slchown@sun.ac.za>; Daniels Savel, Dr <srd@sun.ac.za>; Davids HP Mnr.;
Davids Ricardo, Mr <rdd@sun.ac.za>; Davids Ricardo, Mr <rdd@sun.ac.za>;
Flemming AF <aff@sun.ac.za>; Gordon F <fg1@sun.ac.za>; Haenel C
<chaenel@sun.ac.za>; Jansen van Vuuren B <bjvv@sun.ac.za>; De Mink JM
<jmdm@sun.ac.za>; Khanyile JP <jpk@sun.ac.za>; Klok Jaco
<cjklok@sun.ac.za>; Matthee CA <cam@sun.ac.za>; Mouton PLN
<pnm@sun.ac.za>; Nel JAJ <jan@sun.ac.za>; Beneke PC <pcben@sun.ac.za>;
Reinecke AJ <ajr@sun.ac.za>; Reinecke Sophie, Dr <sar@sun.ac.za>; Reyers
Belinda, Dr <breyers@sun.ac.za>; Mercer Richard <mercer@sun.ac.za>;
Robertson R Mnr.; Robinson TJ <tjr@sun.ac.za>; Sauerman MP
<mpdb@sun.ac.za>; Sirgel WF <wfs@sun.ac.za>; Solomons N Mnr.; Van den
Heever JA <javdh@sun.ac.za>; Van der Westhuysen C <cvdw@sun.ac.za>; Van
Wyk Jh, Prof <jhvw@sun.ac.za>; Willems Lydia <lwillems@sun.ac.za>;
Williams JP <jpw@sun.ac.za>; Wossler TC <wossler@sun.ac.za>; Dobigny G
<dobigny@sun.ac.za>; Eick Geeta <eick@sun.ac.za>; Erasmus Barend
<berasmus@sun.ac.za>; Erasmus L <lerasmus@sun.ac.za>; Jones JL
<jljones@sun.ac.za>; Parr CL <clp@sun.ac.za>; Le Roux A, Miss
<aliza@sun.ac.za>; Mcfarlane Mhairi <mcfarlane@sun.ac.za>; Barry MW
<mwbarry@sun.ac.za>; Sinclair BJ <bjs@sun.ac.za>; Tolley Krystal
<tolley@sun.ac.za>; Waters PD <pwaters@sun.ac.za>; Bergstedt AL Mev
(E-mail); Botha Cora (E-mail); Coetzee H Mev (E-mail); Conradie L
<lcon@sun.ac.za>; Swart Erika <es2@sun.ac.za>; Eygelaar Lynnette
<lle@sun.ac.za>; Honing Ina <rmh@sun.ac.za>; Joubert Jessie
<jj1@sun.ac.za>; Krug Connie, Dr <ckrug@sun.ac.za>; May Sylette
<smay@sun.ac.za>; Stevens Tina <ces2@sun.ac.za>; Strydom Stephmarie
<sstrydom@sun.ac.za>; Calitz Viola <vjc@sun.ac.za>; Wanda (E-mail);
Olivier C <13438166@sun.ac.za>; Fourie F <13436171@sun.ac.za>; Gagiano C
<13376101@sun.ac.za>; Greve Michelle <13375113@sun.ac.za>; Koller Verena
<14287579@sun.ac.za>; Van Deventer MH <14216167@sun.ac.za>; Smit HA
<13327194@sun.ac.za>; Voua Otomo Patricks, Mr <13788329@sun.ac.za>; Du
Toit Dahne <dadutoit@sun.ac.za>; Effenberger E <eeffen@sun.ac.za>;
Ginsburg AE <aimee@sun.ac.za>; Gola NP <npg@sun.ac.za>; Marais Elrike
<emarais@sun.ac.za>; Myburgh M <marike@sun.ac.za>; Nel W
<wnel@sun.ac.za>; Roux Danie (Sportburo) <djr@sun.ac.za>; Rhodes JI
<jir@sun.ac.za>; Swart BL <bls@sun.ac.za>; Verwey R <rv@sun.ac.za>;
Willows-Munro S <sm2@sun.ac.za>; Bates, Michael F; Botes A
<abotes@sun.ac.za>; Esterhuyse MM <mme2@sun.ac.za>; Gouws G
<ggouws@sun.ac.za>; Knowles T <tknowles@sun.ac.za>; Lynda L Sharpe
(E-mail); Maleri Rudolf <rmaleri@sun.ac.za>; Pardini AT
<pardini@sun.ac.za>; Rambau RV <rvr2@sun.ac.za>; Terblanche JS
<jst@sun.ac.za>; Teske PR <pt1@sun.ac.za>; Van den Worm Johan
<jhvdw@sun.ac.za>
Cc: Cilliers, Ryno & Marrianne; De Kock, Anneke; Esti Mellet-Mass;
Malherbe, Karen; Marlise Basson; Parkes, George; Van Eeden, Gabrie &
Sandra; West, Andrew
Subject: FW: Virus alert!
Importance: High
From: Davids Ricardo, Mr <rdd@sun.ac.za>
Sent: 20 Augustus 2003 08:27
To: Willems Lydia <lwillems@sun.ac.za>
Subject: Virus alert!
worm. It arrives as an email attachment with a .pif or .scr extension.
When run, it infects the host computer, then emails itself (using its
own SMTP engine) to harvested email addresses from the victim's machine.
In addition, when it propagates, the worm "spoofs" the "from: field",
using one of the harvested email addresses.
C:\WINNT\WINPPR32.EXE
contain the following information:
Subject: [content varies]
- Your details
- Thank you!
- Re: Thank you!
- Re: Details
- Re: Re: My details
- Re: Approved
- Re: Your application
- Re: Wicked screensaver
- Re: That movie
- See the attached file for details
- Please see the attached file for details
- your_document.pif
- document_all.pif
- thank_you.pif
- your_details.pif
- details.pif
- document_9446.pif
- application.pif
- wicked_scr.scr
- movie0045.pif