Possible virus warning

[Richard Gaskin]

stephen barncard wrote:

> Google didn't choke on this guy and they appear to be binary... images......

I moved the attachment over to a machine I keep quarantined for such 
explorations, and un-rarred it.  In addition to the images there are 
also some very small Java source files and a Rev stack.  I don't have 
Rev on my quarantine machine so I wasn't able to run it, but looking at 
the raw data for the stack file it appears to be a runnable stack with a 
fairly innocuous script.

Either someone went to a lot of work to make a very convincing Trojan 
horse targeted specifically at the Rev community which uses some obscure 
and tiny data-embedded hack that eludes most normal means of reviewing 
the file contents, or this was sent out to the use-rev list members by 
some weird tech glitch that I can't figure out.

Either way, since I got my copy of that potential-Trojan-horse just 
minutes after the Rev forum was taken offline from an apparent DoS 
attack, it's hard not to imagine there may be some connection between 
the two.

Whether the email is part of the culprit's work or just another victim 
like all of us who shouldn't have rec'd that unsolicited email remains 
to be seen.

--
  Richard Gaskin
  Fourth World
  Rev training and consulting: http://www.fourthworld.com
  Webzine for Rev developers: http://www.revjournal.com
  revJournal blog: http://revjournal.com/blog.irv