[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Email Harvesting virus?

To: "Joel R. Helgeson" <joel@helgeson.com>
Subject: Re: [Full-Disclosure] Email Harvesting virus?
From: Blue Boar <BlueBoar@thievco.com>
Date: Mon, 06 Oct 2003 21:02:44 -0700

Joel R. Helgeson wrote:

A customers machine appears to be infected with some type of malware that apparently harvests email addresses and puts them into a file named '~'. Just the tilde ~, no extention. This file is created under the C:\Documents and Settings\%username%\~. I have attached a zipped copy of the file for refrence. I came across the file earlier today, renamed it and copied it off to a keychain USB drive for later analysis. Well, the file re-created itself and the malware creating it is not immediately apparent. I've scanned all the running apps but I haven't had much time to investigate. Any ideas?

Microsoft Word? :) It appears to be one of the backup files that Word makes while you are working.

BB

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Email Harvesting virus?
  - From: "Joel R. Helgeson" <joel@helgeson.com>

Prev by Date: Fw: [Full-Disclosure] Email Harvesting virus?
Next by Date: Re: [Full-Disclosure] Email Harvesting virus?
Previous by thread: Re: [Full-Disclosure] Email Harvesting virus?
Next by thread: Re: [Full-Disclosure] Email Harvesting virus?
Index(es):
- Date
- Thread