[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Email Harvesting virus?

To: "Joel R. Helgeson" <joel@helgeson.com>, <full-disclosure@lists.netsys.com>
Subject: Re: [Full-Disclosure] Email Harvesting virus?
From: "gregh" <chows@ozemail.com.au>
Date: Tue, 7 Oct 2003 20:16:55 +1000

> ----- Original Message ----- 
> From: Joel R. Helgeson
> To: full-disclosure@lists.netsys.com
> Sent: Tuesday, October 07, 2003 12:44 PM
> Subject: [Full-Disclosure] Email Harvesting virus?


> I came across an intersting event today. I haven't been able to research
it as much as I'd like, but I'd like to toss it out to the
> community just the same.

> A customers machine appears to be infected with some type of malware that
apparently harvests email addresses and puts them into > a file named '~'.
Just the tilde ~, no extention.  This file is created under the C:\Documents
and Settings\%username%\~.  I have
> attached a zipped copy of the file for refrence.


This happened a while ago in an MS update and it depends on a few things
where the tilde file ends up on your system. It is on desktop on most but in
My Documents, for example, on mine.

It is a WAB file or an email address book. Not a good idea sending that to a
list, BTW.

Greg.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Email Harvesting virus?
  - From: "Joel R. Helgeson" <joel@helgeson.com>

Prev by Date: [Full-Disclosure] [Fwd: DeskPRO News - v1.1.2 and v2.0.0 Beta 4]
Next by Date: [Full-Disclosure] Allchin bug p-o-c.
Previous by thread: Re: [Full-Disclosure] Email Harvesting virus?
Next by thread: Fw: [Full-Disclosure] Email Harvesting virus?
Index(es):
- Date
- Thread