X-Message-Number: 24482
Date: Sun, 08 Aug 2004 04:29:25 -0700
From: James Swayze <>
Subject: Virus warning

This is a heads up for all our friends. CC'd to several lists.

My email address is being spoofed and so far only Michael C. Price has 
received an email with an attachment that alleges to come from me. The 
internet even sends back to me emails that have failed probably because 
he has wisely filtered them by now. I have checked the attachment on one 
of these falsely returned to me, and it has a tiny little BMP 
that looks really weird. It only has colored dots here and there against 
a black background and it is only a few dozen pixels long and much fewer 
tall. I can safely view it because I do not have MS Internet Explorer 
even on my system and this is apparently required for being infected 
along with Russian Language version of Windows only for sending. I have 
checked my registry for the required signs of it and am clean as well as 
coming up clean on scans with Norton AV completely updated. See the 
following article for directions for detection and removal. It would seem 
though that only someone with Russian language Windows OS need worry but 
this may be not the case now as the article is from May 2004.

I had thought perhaps someone not liking me was deliberately spoofing my 
address but when looking at the header information it is easy to see 
that a Trojan has tried dumbly to mimic my address as it says "From: 
swayzej <>". Of course all my emails are not 
addressed so and would have my full name not merely swayzej. Furthermore 
I do not have Michael's email address even in my address book. Also I 
use Netscape exclusively. I think it wise for everyone in these lists 
that has access to both our addresses to please check their systems. 
Thank you.




BMP trojan results from source code leak

TROJ_BMPAGENT (Trend Micro) a.k.a. Agent Trojan (Kaspersky) was 
discovered on May 14, 2004. The trojan uses a specially crafted BMP 
image file to download and run arbitrary code on impacted systems.

A leak in the Windows 2000 Service Pack 1 source code last February 
immediately led to the discovery of an integer overflow exploit 
involving BMP files and was published on the Internet in mid-February 
2004. TROJ_BMPAGENT is the first known live exploit resulting from that 

Though the source code leak involved Windows 2000 SP1, the exploit 
impacts all Windows users who have either Internet Explorer v5 or v5.5 
installed. Those versions of Internet Explorer simply need to be 
installed; they do not need to be the user's default browser in order to 
be exploited. Though the integer overflow condition remains unpatched in 
versions 5 and 5.5 of Internet Explorer, versions 6 and higher are not 

The Agent Trojan, a.k.a. TROJ_BMPAGENT specifically impacts users of the 
Russian language version of Windows running either Internet Explorer 
version 5 or 5.5. [cont.]

