[28536] in North American Network Operators' Group
Re: uuencoded Love Worm variant
daemon@ATHENA.MIT.EDU (Bennett Todd)
Fri May 5 14:23:24 2000
Date: Fri, 5 May 2000 14:18:50 -0400
From: Bennett Todd <bet@rahul.net>
To: Eric Conrad <econrad@bu.edu>
Cc: nanog@merit.edu
Message-ID: <20000505141850.F618@rahul.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="V4b9U9vrdWczvw78"
In-Reply-To: <Pine.SOL.4.10.10005051330270.25795-100000@it>; from econrad@bu.edu on Fri, May 05, 2000 at 01:44:16PM -0400
Errors-To: owner-nanog-outgoing@merit.edu
--V4b9U9vrdWczvw78
Content-Type: text/plain; charset=us-ascii
2000-05-05-13:44:16 Eric Conrad:
> I caught one of these uuencoded 'in the wild'. It would have
> slipped through my filters if not for the standard Subject: line.
Does anyone know for sure that the uuencoded version isn't actually
devenomed by the uuencoding? I.e. is there any known gateway that
will turn the uuencoded attachment back into the known-virulent
MIME, or any known MUA that will offer to execute the uuencoded
script with a simple click? If the user has to go out of their way
to expressly decode the thing into a file, then deliberately execute
that file, that varient of the worm won't spread like wildfire; I'm
content to let it pass.
-Bennett
--V4b9U9vrdWczvw78
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE5ExCKL6KAps40sTYRASeTAKCMRvbVKABrzWOW26TvXoLy337V/wCeP6XT
PefgTTNRCqnZkUAgnflnt3Q=
=Wiz+
-----END PGP SIGNATURE-----
--V4b9U9vrdWczvw78--
