Focus on Virus
blocking BHX files with MIME May 16 2006 11:53AM
lsi (stuart cyberdelix net) (2 replies)
Re: blocking BHX files with MIME May 17 2006 02:26AM
Nick FitzGerald (nick virus-l demon co uk)
Re: blocking BHX files with MIME May 17 2006 01:33AM
Peter Kosinar (goober ksp sk)
Hello,

> YmVnaW4gNj

Is it really the BHX (=BinHex) file format? Decoding the MIME sequence
yields "begin 6" (+one incomplete character), which looks very similar to
the UUE format. If it is actually UUE, the signature might be a bit too
weak because a perfectly valid UUEncoded file could start with "begin 4"
or "begin 7" or any other octal digit, as the three octal digits following
"begin" specify the permissions of the encoded file.

> I forward this info as I've seen some BHX files come in recently
> attached to fake bounce messages, I presume it's a virus of some kind

I'd expect them to be instances of the Win32/VB.NEI (NOD32) or W32/Nyxem.E
or whatever your favourite antivirus calls it.

Peter

--
[Name] Peter Kosinar [Quote] 2B | ~2B = exp(i*PI) [ICQ] 134813278
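
The point about the signature's weakness, worked through as an added example that is not part of the original post: it decodes the quoted Base64 fragment, lists which first permission digits that fragment can match, and contrasts it with a check on the decoded header. Function names are hypothetical, sample inputs are constructed, and the character after the first permission digit is assumed to be another digit.

```python
import base64
import re

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
SIGNATURE = "YmVnaW4gNj"  # the Base64 fragment quoted in the thread

# uuencode header: "begin", three octal permission digits, then a file name.
UUE_HEADER = re.compile(rb"^begin [0-7]{3} \S")


def decode_fragment(fragment):
    """Decode an unpadded Base64 fragment; return (whole bytes, leftover bits)."""
    bits = "".join(format(B64.index(c), "06b") for c in fragment)
    whole = len(bits) // 8 * 8
    data = bytes(int(bits[i:i + 8], 2) for i in range(0, whole, 8))
    return data, bits[whole:]


def base64_prefix_for_mode_digit(digit):
    """First 10 Base64 characters of 'begin <digit><digit>...'.

    Assumption: the byte after the first permission digit is also a digit,
    so its high nibble is 0x3; the stand-in '0' covers every such byte.
    """
    return base64.b64encode(b"begin " + digit.encode() + b"0").decode()[:10]


def mode_digits_matched(signature=SIGNATURE):
    """Which first permission digits does a fixed Base64 signature cover?"""
    return [d for d in "01234567" if base64_prefix_for_mode_digit(d) == signature]


def is_uuencode_header(b64_body):
    """Decode the first Base64 line of a MIME part and test for a UUE header."""
    lines = b64_body.strip().splitlines()
    if not lines:
        return False
    usable = lines[0][: len(lines[0]) // 4 * 4]  # whole 4-character groups only
    return bool(UUE_HEADER.match(base64.b64decode(usable)))


if __name__ == "__main__":
    print(decode_fragment(SIGNATURE))   # "begin 6" plus four leftover bits
    print(mode_digits_matched())        # digits the fixed string can match
    # Constructed sample: a header with permissions 755 slips past the string.
    sample = base64.b64encode(b"begin 755 sample.doc\n").decode()
    print(sample.startswith(SIGNATURE), is_uuencode_header(sample))
```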

Copyright 2010, SecurityFocus