[Esd-l] .md file
John D. Hardin
jhardin at impsec.org
Fri Mar 5 17:00:19 PST 2004
On Fri, 5 Mar 2004, Jeff Bettes wrote:
> attachment was pd75000001409.md
>
> whats a ".md" file
Huh. I've never seen an executable with that extension before.
http://filext.com/detaillist.php?extdetail=md
"MDCD Compressed Archive File"? Anybody know what that is? Is this
something WinZip groks?
(thought: should the sanitizer now start scanning .tgz and recognize
.gz files too? WinZip groks them, so they might conceivably be an
attack vector soon...)
The text below looks like one of the current Social Engineering
attacks.
> > Subject:
> > E-mail account disabling warning.
> > From:
> > administration at officereach.net
> > Date:
> > Fri, 05 Mar 2004 11:56:47 -0800
> > To:
> > honeychurch at officereach.net
> >
> > Dear user of e-mail server "Officereach.net",
> >
> > Our antivirus software has detected a large ammount of viruses outgoing
> > from your email account, you may use our free anti-virus tool to clean up
> > your computer software.
> >
> > For details see the attached file.
> >
> > Have a good day,
> > The Officereach.net team http://www.officereach.net
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
does quite what I want. I wish Christopher Robin was here."
-- Peter da Silva in a.s.r
-----------------------------------------------------------------------
29 days until the Slovakian Presidential Election
More information about the esd-l
mailing list