Fog Creek Software
Discussion Board

Is email from a Trojan?

I received an email purportedly from "". It contained the following text:

"Please see the attached zip file for details."

And there was a binary file enclosed called "UNKNOWN_PARAMETER_VALUE". Windows XP thinks it's a zipped folder.

Umm... is this a security risk? Is there a trustworthy web site or discusion group where this kind of question is best answered?

Reginald Braithwaite-Lee
Wednesday, June 25, 2003

post scriptum:

I know this flirts with being off topic for JOS, but in the unlikely event that this email is a trojan of some kind, it may be aimed at programmers...

Reginald Braithwaite-Lee
Wednesday, June 25, 2003

Copy it to a non-Microsoft box and see what's inside!

Wednesday, June 25, 2003

Sounds pretty suspicious. I'd expect that any actual email from Sun would have come with a bit more explanation of what it was.

This is probably another one of those worm programs that tries to exploit a bug in Microsoft Outlook, by looking like a data file, when in fact it's a program. you could save it and open it with WinZip if you wanted to see what's inside.

The various anti-virus vendors (Symantec, Mcafee) all have web pages with virus "news", which you could take a look at.

Mark Bessey
Wednesday, June 25, 2003

Freaky. Three people at our company just got one of these each this morning, but all with a different sender (someone from the address book in each case), subject line and attachment file name.

The zip file we received was 22 bytes long, and appeared to be a valid, but empty zip file.

Big B
Wednesday, June 25, 2003

Could i t be this???

Wednesday, June 25, 2003

I just got this:

From:    Block Sender | Add to Address Book 
To: <my e-mail address>
Subject: Re: Application
Date: Wed, 25 Jun 2003 11:30:31 -0700

Please see the attached zip file for details.

The Zip contained a .pif. A .pif will execute like an .exe - just like a .scr. It's a virus.

The domain could've been spoofed.
Wednesday, June 25, 2003

> Please see the attached zip file for details.

That was the end of the e-mail, the sentances below that are my commentary.
Wednesday, June 25, 2003

Scott McNeally doesn't like windows users enough to mail them a virus

Wednesday, June 25, 2003

It's the sobig virus variant. I received it from Microsoft, Nasa and a few others high profile companies. So it must be a world wide conspiracy.

A few dozen made it to my mail boxes as the virus scanner on my mail server doesn't recognize it yet. There goes my recommendation for clamav.

Jan Derk
Wednesday, June 25, 2003

slightly offtopic, but I can't work out why these viruses use generic subject lines.  They go through your inbox looking for addresses etc yet they send standard mails to users.  Why don't they instead reply to your mails?  I'd have thought that would prove sligthly more effective?  Anyone seen something like that?

Thursday, June 26, 2003

*  Recent Topics

*  Fog Creek Home