You must be logged in to post messages.
Please login or register

Technical Forum
Moderated by Jayhawk

Hop to:    
Topic Subject: Suspicious mail from Winzip
posted 06-07-03 22:37 ET (US)   
Yesterday I received a mail from "" with the mail subject "Approved". I opened the mail and inside was a message telling me to have a look at the attachment. The attachment was a Perl CGI file (with the extension .pl). It looked dangerous so I ignored it and deleted the mail.

Just now when I checked my mail again there was this message from "" with subject title "Re:Approved". Again I deleted it.

Any of you received such mail? Is it a virus or something?

posted 06-08-03 00:44 ET (US)     1 / 9  
Certainly sounds like one to me. I delete any mails from people I don't know, with attachments for programmes I know I don't use, or with messages that do not make sense.

"War does not decide who is right... only who is left." -Bertrand Russell
posted 06-08-03 03:48 ET (US)     2 / 9  
I'm 99.9% sure that's a virus.. probably W32.Sobig.C@mm.

I delete most 'suspicious' mails, but I'm also very curious... before I delete them, I will go through the trouble of extracting the attachment without opening the mail, and subsequently run the file through an anti-virus program to see which virus it is

posted 06-08-03 05:42 ET (US)     3 / 9  
Isn't that very risky?

Anyway, what puzzles me is how this virus makes use of Winzip's address to send mail...

posted 06-08-03 05:56 ET (US)     4 / 9  
What Pecunia does is not very risky if you know what you are doing, I've done that myself a few times.

It is a virus.
Some of the virus are coded to claim they come from a specific compagny, to make them look more trustworthy they even use a mailaddress from that compagny, most common is Microsoft, IBM, Norton and McAfee, Winzip is new to me. A virus can also take a mailaddress in your adressbook and make it look like it is send from that address instead of from you.

If you know how to use Base64 you can do the same yourself. Base64 is a very old programming language made for sending mails without using the mailprograms we use today. Spammers very often use Base64 for making it harder to find them and spam their mailbox.

Pleasant words are a honeycomb, sweet to the soul and healing to the body. Pr. 16:24
posted 06-08-03 06:34 ET (US)     5 / 9  
As PCD says, it isn't that risky when you know what you're doing... most risky thing is accidentally leaving the virus on your pc after scanning it: someone *might* just execute it. Hmm.. I now remember that I still have Yaha.P somewhere on my computer...

PCD: isn't Base64 only a way of encoding files, and not a programming language?

posted 06-08-03 06:42 ET (US)     6 / 9  
Had a virus email that claimed to be from a security company with a patch for IE 6. It was an attachment of 64kbs since I don't accept attachments from anybody that hasn't advised me in advance just deleted it
posted 06-08-03 07:50 ET (US)     7 / 9  

Guess so. Don't ask me for the difference, I'm not a programmer
For finding out one could try searching for Base64 on google

Pleasant words are a honeycomb, sweet to the soul and healing to the body. Pr. 16:24

[This message has been edited by Proconsul Creaticus Dania (edited 06-08-2003 @ 07:51 AM).]

posted 06-08-03 08:04 ET (US)     8 / 9  
I already searched for "base64 programming language" on Google but all I got was programs written in one or another language, implementing base64 encoding.

Some good tech info on base64:

posted 06-08-03 16:51 ET (US)     9 / 9  
Your August DX,

You did the right thing. Good instincts!

Smart users can protect themselves from virus attacts to a great extent by developing these instincts and just deleting the bad little buggers.

There are people who like to play with snakes and spiders however. But most of us are not Heavens technical Cherubs


J a c k N o i r

Caesar IV Heaven » Forums » Technical Forum » Suspicious mail from Winzip
You must be logged in to post messages.
Please login or register
Hop to:    
Caesar IV Heaven | HeavenGames