Is it really the BHX (=BinHex) file format? Decoding the MIME sequence
yields "begin 6" (+one incomplete character), which looks very similar to
the UUE format. If it is actually UUE, the signature might be a bit too
weak because a perfectly valid UUEncoded file could start with "begin 4"
or "begin 7" or any other octal digit, as the three octal digits following
"begin" specify the permissions of the encoded file.
> I forward this info as I've seen some BHX files come in recently
> attached to fake bounce messages, I presume its a virus of some kind
I'd expect them to be instances of the Win32/VB.NEI (NOD32) or W32/Nyxem.E
or whatever your favourite antivirus calls it.
> YmVnaW4gNj
Is it really the BHX (=BinHex) file format? Decoding the MIME sequence
yields "begin 6" (+one incomplete character), which looks very similar to
the UUE format. If it is actually UUE, the signature might be a bit too
weak because a perfectly valid UUEncoded file could start with "begin 4"
or "begin 7" or any other octal digit, as the three octal digits following
"begin" specify the permissions of the encoded file.
> I forward this info as I've seen some BHX files come in recently
> attached to fake bounce messages, I presume its a virus of some kind
I'd expect them to be instances of the Win32/VB.NEI (NOD32) or W32/Nyxem.E
or whatever your favourite antivirus calls it.
Peter
--
[Name] Peter Kosinar [Quote] 2B | ~2B = exp(i*PI) [ICQ] 134813278
[ reply ]