
Foo Forum

Is this one of you guys? - spotting spam/virus mail

 5:32 pm on Oct 15, 2002 (gmt 0)

Think I'm being spammed but it is from a web design company.

Msg reads:

Hey Nick, just got a blank email from you buddy, what's up?


Any thoughts...?




 5:49 pm on Oct 15, 2002 (gmt 0)

Nick, it's not one of those Bugbear virus messages, is it? It takes all kinds of stuff off the hard drive and rearranges it into a well known word or phrase.


 5:54 pm on Oct 15, 2002 (gmt 0)

Well, it's multi-part which makes me suspicious to start with. Here's the interesting portion:

Content-Type: application/ms-tnef;
Content-Transfer-Encoding: base64
Content-Disposition: attachment;

A.... and so on....

I'm on Linux so it doesn't worry me, in fact I don't even know what bugbear is but I dislike this kind of thing...



 5:55 pm on Oct 15, 2002 (gmt 0)

Well I can report that I am getting increased spam from web design companies too.

Some is definitely not bugbear - Thought about response telling them how stupid they are but the bin wastes less of my time :-)

Better not have anything to do with the various containers I popped my card into at the pubcon... no one could be that stupid could they?


 5:56 pm on Oct 15, 2002 (gmt 0)

Nick, check out the bugbear news story here. [news.bbc.co.uk]

My antivirus systems zap everything before I get the chance to see it. A good thing really.

[edited by: engine at 5:58 pm (utc) on Oct. 15, 2002]


 5:57 pm on Oct 15, 2002 (gmt 0)

Try feeding "winmail.dat" into Google

The horse's mouth, so to speak, comes up with:

This article describes how either an Exchange Server administrator or end users can prevent the Winmail.dat attachment from being sent to Internet users when using the Microsoft Exchange Internet Mail Connector (IMC).

When an end user sends mail to the Internet from an Exchange Windows or Outlook client, a file attachment called Winmail.dat may be automatically added to the end of the message if the recipient's client cannot receive messages in Rich Text Format (RTF). The Winmail.dat file contains Exchange Server RTF information for the message, and may appear to the recipient as a binary file. It is not useful to non-Exchange Server recipients.


 6:01 pm on Oct 15, 2002 (gmt 0)

Nick_W, I think the inclusion of winmail.dat means someone on MS is trying to send a rich text email.

Check Google for winmail.dat


 6:16 pm on Oct 15, 2002 (gmt 0)

I reckon this originates from a bugbear message. The fact that it comes from a MS client suggests this to me.

Stick with me on this: someone with the virus has Nick_W's e-mail address and possibly the other guy's. Bugbear takes all this info and throws it together into a partly credible message addressed from Nick_W. It could also send nonsense, too. Neither you nor the other party would necessarily have the bugbear virus on your system, only the originator may have it. It's very difficult to track the originator down.


 6:45 pm on Oct 15, 2002 (gmt 0)

I agree with engine.


That looks like an ASCII representation of an executable. All viruses I get have that hogwash at the end, like the email parsed the attachment like text.


 6:49 pm on Oct 15, 2002 (gmt 0)

Yep, figures.

I'm using Mutt (hardcore text based client) and I've had plenty of this kind before. Just not in this 'so clickable' format.

Thanks everyone..
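
Added example, not part of the original thread: the two readings offered above (a harmless Exchange winmail.dat versus an executable) can be told apart by decoding the base64 part and comparing its first bytes with the declared Content-Type. The sample messages, addresses and payloads are constructed stubs (magic bytes plus padding), and the function names are hypothetical.

```python
import base64
from email import message_from_string

TNEF_MAGIC = bytes.fromhex("789f3e22")  # TNEF signature 0x223E9F78, little-endian
PE_MAGIC = b"MZ"                        # DOS/Windows executable header

def build_sample(payload: bytes) -> str:
    """Constructed test message shaped like the headers quoted in the thread."""
    return (
        "From: sender@example.com\n"
        "To: nick@example.com\n"
        "Subject: constructed sample\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="XX"\n\n'
        "--XX\n"
        "Content-Type: text/plain\n\n"
        "Hey Nick, just got a blank email from you buddy, what's up?\n"
        "--XX\n"
        "Content-Type: application/ms-tnef\n"
        "Content-Transfer-Encoding: base64\n"
        'Content-Disposition: attachment; filename="winmail.dat"\n\n'
        + base64.encodebytes(payload).decode()
        + "--XX--\n"
    )

def sniff(data: bytes) -> str:
    """Classify decoded attachment bytes by their leading magic number."""
    if data.startswith(TNEF_MAGIC):
        return "tnef"
    if data.startswith(PE_MAGIC):
        return "executable"
    return "unknown"

def triage(raw: str) -> list:
    """Return (filename, declared type, sniffed type, mismatch) per attachment."""
    results = []
    for part in message_from_string(raw).walk():
        if part.get_content_disposition() != "attachment":
            continue
        data = part.get_payload(decode=True) or b""  # undoes the base64 encoding
        declared = part.get_content_type()
        actual = sniff(data)
        # A part labelled TNEF that does not start with the TNEF signature
        # is not what it claims to be and should be quarantined for analysis.
        mismatch = declared == "application/ms-tnef" and actual != "tnef"
        results.append((part.get_filename(), declared, actual, mismatch))
    return results

if __name__ == "__main__":
    print(triage(build_sample(TNEF_MAGIC + b"\x00" * 8)))   # genuine-looking TNEF stub
    print(triage(build_sample(b"MZ\x90\x00" + b"\x00" * 8)))  # mislabelled executable stub
```

A matching signature only shows the part is TNEF-shaped; files embedded inside a TNEF container still need scanning after extraction.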



 8:51 pm on Oct 17, 2002 (gmt 0)

I've been getting more spam from web design companies also, but I didn't go to pubcon; I doubt that is where it's from.

WebmasterWorld is a Developer Shed Community owned by Jim Boykin.