Nick, it's not one of those Bugbear virus messages, is it? It takes all kinds of stuff off the hard drive and rearranges it into a well known word or phrase.

Well, it's multi-part which makes me suspicious to start with. Here's the interesting portion:

------=_NextPart_000_0002_01C27437.50879000
Content-Type: application/ms-tnef;
name="winmail.dat"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="winmail.dat"

eJ8+IiwRAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy
b3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEGgAMADgAAANIHCgAPAAoAKAAAAAIAJgEB
A5AGAHAGAAAnAAAACwACAAEAAAALACMAAAAAAAMAJgAAAAAACwApAAAAAAADAC4AAAAAAAMANgAA
A.... and so on....

I'm on Linux so it doesn't worry me, in fact I don't even know what bugbear is but I dislike this kind of thing...

Nick

Well I can report that I am getting increased spam from web design companies too.

Some is definately not bugbear - Thought about response telling them how stupid they are but the bin wastes less of my time :-)

Better not have anything to do with the various containers I popped my card into at the pubcon... no one could be that stupid could they?

Nick, check out the bugbear news story here. [news.bbc.co.uk]

My antivirus systems zap everything before I get the chance to see it. A good thing really.

[edited by: engine at 5:58 pm (utc) on Oct. 15, 2002]

Try feeding "winmail.dat" into Google

The Horses Mouth, so to speak comes up with

This article describes how either an Exchange Server administrator or end users can prevent the Winmail.dat attachment from being sent to Internet users when using the Microsoft Exchange Internet Mail Connector (IMC).

When an end user sends mail to the Internet from an Exchange Windows or Outlook client, a file attachment called Winmail.dat may be automatically added to the end of the message if the recipient's client cannot receive messages in Rich Text Format (RTF). The Winmail.dat file contains Exchange Server RTF information for the message, and may appear to the recipient as a binary file. It is not useful to non-Exchange Server recipients.

Nick_W I think the inclusion of winmail.dat means someone on MS is trying to send a richtext email.

Check google for winmail.dat

I reckon this originates from a bugbear message. The fact that it comes from a MS client suggests this to me.

Stick with me on this, someone with the virus has Nick_W's e-mail address and possibly the other guy. Bugbear takes all this info and throws it together into a partly credible message addressed from Nick_W. It could also send nonsense, too. Neither you nor the other party would neccessarily have the bugbear virus on your system, only the originator may have it. It's very difficult to track the originator down.

I agree with engine.

eJ8+IiwRAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy
b3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEGgAMADgAAANIHCgAPAAoAKAAAAAIAJgEB
A5AGAHAGAAAnAAAACwACAAEAAAALACMAAAAAAAMAJgAAAAAACwApAAAAAAADAC4AAAAAAAMANgAA

That looks like an asci representation of an executable. All viruses I get have that hog wash at the end like the email parsed the attachment like text.

Yep, figures.

I'm using Mutt (hardcore text based client) and I've had plenty of this kind before. just not in this 'so clickable' format.

Thanks everyone..

Nick

I've been getting more spam from web design companies also, but I didn't go to pubcon, I doubt that is where it's from.