Mon Sep 22 10:25:07 PDT 2003
On Sunday 21 September 2003 16:40, Andrew Morton wrote:
> James Morris <email@example.com> wrote:
> > Does anyone have a good procmail recipe for catching this one? I've
> > managed to block 26MB of it (just for my account), but can't keep up with
> > all of the variations.
> I've been dying from it. The below is lame, but seems to trap it all.
this is a very lame virus, obviously written by a kindergarden kid.
I filter it by it's signature, the weakness of the virus is in the junk it
1. It's always an html with 2 gifs and an exe.
2. The md5sum is always the same(look bellow)
3. It has a programming bug where sometimes the executable included is 0 bytes
Like having a sticker on it's back "It's me Swen". Amateurs :-)
linux:/kgdb # md5sum /tmp/virus*
linux:/kgdb # md5sum /tmp/virus*.gif
linux:/kgdb # md5sum /tmp/virus*.exe
Peace can only come as a natural consequence
of universal enlightenment. -Dr. Nikola Tesla
More information about the linux-elitists