
Program file found in email could be new worm file??

Discussion in 'Security and Privacy' started by jabfarm, 2009/04/06.

  1. 2009/04/06
    jabfarm Lifetime Subscription

    jabfarm Inactive Thread Starter

    Joined:
    2007/02/23
    Messages:
    62
    Likes Received:
    0
    A friend sent a copy of an email header for me to check to see if I could tell her who sent it. But there is a problem: other than the header, there is some type of file written in the header. By file I mean if you print this header out you will have 79 pages.
    The message was a spam message for Microsoft/Aol don't have a lottery. But the address that the person used seemed to be local; that is why she wanted to know who sent it.
    I have run many checks for virus, trojan, spyware, malware but nothing shows up.
    Today I decided to see if I could find anything out about it. While offline I typed in cmd and checked the file. And what I found was file is not ready to run at this time.
    So now with all the reports I have seen on TV about this new worm that did not start, I wonder if it will wait until May 1st; by then most won't think about it. That could be the real April fools joke.
    I don't know how to read a program file with letters and numbers.
    PLEASE DO NOT ASK IT BE POSTED HERE. :eek:
    I will not send it to any forum. All I ask is does anyone know of where I should report it. :rolleyes:
     
    Last edited: 2009/04/06
  2. 2009/04/06
    wildfire

    wildfire Getting Old

    Joined:
    2008/04/21
    Messages:
    4,649
    Likes Received:
    124
    Would you consider forwarding it to an email address then (chuckawa AT blueyonder.co.uk)?

    I doubt a worm would be infectious if it's in the header but that may not have been the original intention (malware programmers aren't the brightest in the block ;))
     


  4. 2009/04/06
    jabfarm Lifetime Subscription

    jabfarm Inactive Thread Starter

    Joined:
    2007/02/23
    Messages:
    62
    Likes Received:
    0
    You will be getting it in an attach file. I found that is the only way I can send it.
    Will be sent as program found in email.
     
  5. 2009/04/06
    wildfire

    wildfire Getting Old

    Joined:
    2008/04/21
    Messages:
    4,649
    Likes Received:
    124
    Hi jabfarm,

    I've received your email and at first glance it's spam and should just be ignored.

    I'll look closer at it tomorrow (today, it's 1 am here) and give you more info.
     
  6. 2009/04/08
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    Perhaps you don't fully understand what an email header is. This is a sample email header:

    Code:
    From - Wed Apr  8 07:17:13 2009
    X-Account-Key: account6
    X-UIDL: UID191-1214308775
    X-Mozilla-Status: 0001
    X-Mozilla-Status2: 00000000
    X-Mozilla-Keys:                                                                                 
    Return-path: <weightliftingz970@theatricantor.com>
    Envelope-to: tonyt@tonyt.com
    Delivery-date: Wed, 08 Apr 2009 03:46:53 -0400
    Received: from [85.121.202.166] (port=2436 helo=DDQRYZTQ)
    	by leeway.ezhoster.com with esmtp (Exim 4.69)
    	(envelope-from <weightliftingz970@theatricantor.com>)
    	id 1LrSUn-0002RP-Fg
    	for tonyt@tonyt.com; Wed, 08 Apr 2009 03:46:53 -0400
    Received: (from apache@localhost) by p.nsm.ctmail.com (8.13.1/8.13.1/Submit) id LD6BN0WH88888; Wed, 8 Apr 2009 10:45:47 +0200
    Date: Wed, 8 Apr 2009 10:45:47 +0200
    Message-Id: <761946017968.2DGVEIXN88888@theatricantor.com>
    To: tonyt@tonyt.com
    Subject: Price for Viagra 50mg x 10 pills US $ 6.00 Per Pill
    MIME-Version: 1.0
    Content-type: text/html; charset="ISO-8859-1"
    From: "Lavonne Roper" <weightliftingz970@theatricantor.com>
    X-Priority: 3
    X-Mailer: IPB PHP Mailer

    The header is the section of the message that contains routing info. The header cannot contain files. Below a header will be the body of the message, and binary files (images, executables, etc) in the message will look like this:

    Code:
    --_16bd86ab-7ea0-420c-97b9-25888a8ece6d_
    Content-Type: image/jpeg
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename="image001.jpg"
    
    /9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAoHBwgHBgoICAgLCgoLDhgQDg0NDh0VFhEYIx8l
    JCIfIiEmKzcvJik0KSEiMEExNDk7Pj4+JS5ESUM8SDc9Pjv/2wBDAQoLCw4NDhwQEBw7KCIo
    Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozv/wAAR
    CAIeAa0DASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAA
    AgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkK
    FhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWG
    h4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl
    5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREA
    AgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYk
    NOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOE
    hYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk
    5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwDzMWhGMNSratz81WgePelDe1Ycxvyoq/Zm
    JOWFL9mkGMPVkYpyjk0XDlRU8iUdCKQ28oXnrV0r6Um00XDlRRFuynO0Zp3kSnsKube2KcM4
    6UXFylLyZey00xTZ+4fwrQ3ECm7iPxo5h8pniKYclTilMMhxnIq/knpS845ouLlM9oW9zTGi
    c9jitLnNBwKfMHKZhjYcYxTdritQqpPKg0wop4Kii4cpnBXPQU7ac5xV7bgEhRijYpHQUXFy
    lA59KMt6cVdMa4zihUQ9qLhylLPtSiTAxVswoT0pPsymi6DlZT3c8Um81c+zp9KPs6mndBys
     
  7. 2009/04/11
    wildfire

    wildfire Getting Old

    Joined:
    2008/04/21
    Messages:
    4,649
    Likes Received:
    124
    Thanks Tony,

    I've been busy the last few days and had totally forgotten this thread.

    Jabfarm,

    The binary data is a JPEG image, not a program.

    Best advice is bin and ignore.
     
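The header/body split and the "JPEG, not a program" check discussed in the thread, as an added example that is not part of any poster's message: it parses a raw message with Python's standard `email` module, decodes each base64 part, and compares the declared Content-Type with the file's leading bytes. The sample message, the `photo.jpg` part and the names `sniff` and `inspect` are constructed for illustration; only the opening base64 characters of `image001.jpg` come from the sample posted above.

```python
from email import message_from_string

# Constructed sample, not the e-mail from the thread. Part 2 reuses the opening
# base64 characters from TonyT's post; part 3 is a constructed mismatch case.
RAW = """\
From: "Sender" <sender@example.com>
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Hello
--b1
Content-Type: image/jpeg
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="image001.jpg"

/9j/4AAQSkZJRgABAQEAYABg
--b1
Content-Type: image/jpeg
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="photo.jpg"

TVqQAAMAAAAEAAAA
--b1--
"""

# Leading "magic" bytes of a few common formats.
MAGIC = [(b"\xff\xd8\xff", "jpeg"), (b"\x89PNG\r\n\x1a\n", "png"),
         (b"MZ", "windows-executable"), (b"PK\x03\x04", "zip")]

def sniff(data):
    """Name the format from the first bytes, ignoring the declared type."""
    return next((n for sig, n in MAGIC if data.startswith(sig)), "unknown")

def inspect(raw):
    """Return (header names, [(filename, declared type, sniffed type), ...])."""
    msg = message_from_string(raw)  # headers end at the first blank line
    parts = []
    for part in msg.walk():
        if not part.is_multipart():
            data = part.get_payload(decode=True) or b""  # undoes base64
            parts.append((part.get_filename(), part.get_content_type(), sniff(data)))
    return msg.keys(), parts

if __name__ == "__main__":
    for filename, declared, actual in inspect(RAW)[1]:
        print(filename, declared, actual)
```

A part whose sniffed type disagrees with its declared type, like the constructed `photo.jpg`, is the case worth reporting; a base64 block that starts `/9j/` decodes to the JPEG signature `FF D8 FF`.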
