X-Message-Number: 24482
Date: Sun, 08 Aug 2004 04:29:25 -0700
From: James Swayze <>
Subject: Virus warning

This is a heads up for all our friends. CC'd to several lists.

My email address is being spoofed, and so far only Michael C. Price has received an email with an attachment that alleges to come from me. The internet even sends back to me emails that have failed, probably because he has wisely filtered them by now. I have checked the attachment on one of these falsely returned to me, and it has a tiny little BMP that looks really weird. It only has colored dots here and there against a black background, and it is only a few dozen pixels long and much fewer tall.

I can safely view it because I do not have MS Internet Explorer even on my system, and this is apparently required for being infected, along with the Russian language version of Windows, only for sending. I have checked my registry for the required signs of it and am clean, as well as coming up clean on scans with Norton AV completely updated. See the following article for directions for detection and removal. It would seem, though, that only someone with a Russian language Windows OS need worry, but this may not be the case now, as the article is from May 2004.

I had thought perhaps someone not liking me was deliberately spoofing my address, but when looking at the header information it is easy to see that a Trojan has tried dumbly to mimic my address, as it says "From: swayzej <>". Of course all my emails are not addressed so and would have my full name, not merely swayzej. Furthermore, I do not have Michael's email address even in my address book. Also, I use Netscape exclusively.

I think it wise for everyone in these lists that has access to both our addresses to please check their systems. Thank you.

James

**
http://antivirus.about.com/cs/allabout/a/bmpagent.htm

BMP trojan results from source code leak

TROJ_BMPAGENT (Trend Micro), a.k.a. Agent Trojan (Kaspersky), was discovered on May 14, 2004. The trojan uses a specially crafted BMP image file to download and run arbitrary code on impacted systems.

A leak in the Windows 2000 Service Pack 1 source code last February immediately led to the discovery of an integer overflow exploit involving BMP files, which was published on the Internet in mid-February 2004. TROJ_BMPAGENT is the first known live exploit resulting from that disclosure.

Though the source code leak involved Windows 2000 SP1, the exploit impacts all Windows users who have either Internet Explorer v5 or v5.5 installed. Those versions of Internet Explorer simply need to be installed; they do not need to be the user's default browser in order to be exploited. Though the integer overflow condition remains unpatched in versions 5 and 5.5 of Internet Explorer, versions 6 and higher are not impacted.

The Agent Trojan, a.k.a. TROJ_BMPAGENT, specifically impacts users of the Russian language version of Windows running either Internet Explorer version 5 or 5.5. [cont.]

--
Membership in order of joining:
Cryonics Institute of Michigan http://www.cryonics.org
The Immortalist Society http://www.cryonics.org/info.html
The Society for Venturism http://www.venturist.org
Immortality Institute http://www.imminst.org
Methuselah Foundation http://www.methuselahfoundation.org
Methuselah Mouse Prize http://www.methuselahmouse.org [Give $$$ for life!]
World Transhumanist Assoc. http://www.transhumanism.org/
MY WEBSITE: http://www.davidpascal.com/swayze/