[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Email Harvesting virus?
- To: "Joel R. Helgeson" <joel@helgeson.com>
- Subject: Re: [Full-Disclosure] Email Harvesting virus?
- From: "Mary Landesman" <mlande@bellsouth.net>
- Date: Tue, 7 Oct 2003 00:51:19 -0400
There is a bug that was introduced by Outlook Express Update 330994.
Basically, everytime a change is made to the address book, OE makes a backup
into a ~ file. Obviously I can't say for sure that is what you are
experiencing, but it certainly sounds like it.
There's a thread on it here:
http://forums.about.com/ab-antivirus/messages?lgnF=y&msg=1360.1
Regards,
Mary Landesman
Antivirus About.com Guide
http://antivirus.about.com
----- Original Message -----
From: "Joel R. Helgeson" <joel@helgeson.com>
To: <full-disclosure@lists.netsys.com>
Sent: Monday, October 06, 2003 10:44 PM
Subject: [Full-Disclosure] Email Harvesting virus?
I came across an intersting event today. I haven't been able to research it
as much as I'd like, but I'd like to toss it out to the community just the
same.
A customers machine appears to be infected with some type of malware that
apparently harvests email addresses and puts them into a file named '~'.
Just the tilde ~, no extention. This file is created under the C:\Documents
and Settings\%username%\~. I have attached a zipped copy of the file for
refrence.
I came across the file earlier today, renamed it and copied it off to a
keychain USB drive for later analysis. Well, the file re-created itself and
the malware creating it is not immediately apparent. I've scanned all the
running apps but I haven't had much time to investigate.
Any ideas?
Joel R. Helgeson
Director of Networking & Security Services
SymetriQ Corporation
"Give a man fire, and he'll be warm for a day; set a man on fire, and he'll
be warm for the rest of his life."
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html