This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
Date: Thu, 2 Aug 2001 22:56:44 -0700 To: svlug@svlug.org From: Rick Moen <rick@linuxmafia.com> Subject: [svlug] Fun with SirCam If you're typical of this list, you've been getting an amusing barrage of SirCam-infected file attachments for the past week. I've gotten dozens of them. Each attachment purports to be some sort of MS-Word document, Excel spreadsheet file, or such, which were in fact lifted from the poor sucker's hard drive and bodily included -- prefaced by (it turns out) 137215 bytes of Win32 binary worm code, created in Borland Delphi. But, even though gobs of potentially juicy private documents are getting spewed across the Internet by MS-Windows users -- including reportedly some from sundry governments -- most of us have been simply discarding them as spam-equivalents. Which, I submit to you, gentle readers, is a waste! Just about any binary editor will do, but I recommend John H. Swaby's very useful "fb" viewer/editor for binaries, available in x86 Linux or Win32 binaries, or GPLed source code that'll compile just about anywhere: http://home.mho.net/jswaby/fb.html To separate the attachment into its binary-payload (worm) and document portions, use fb like this: fb c 0.137215 attachment sircam.worm fb c 137216 attachment document ===