Security Basics mailing list archives
RE: New Virus?
From: "Hayden Searle" <hayden.searle () safecom co nz>
Date: Wed, 29 Jun 2005 09:48:24 +1200
Hi Hamish,

I got the same emails yesterday also. I got about 3 of them though. The attachments were called original.zip and the subject was either "Is sent SMS" or "The picture is sent on SMS".

Our mail system removed the exe's in the zips for Dangerous attachments inbound so I don't have the original files, but nothing picked it up, either Nortons or Sophos. Will be submitting to both for analysis. Will report back when I get a result.

Hayden Searle
Network Security Specialist

-----Original Message-----
From: Hamish Stanaway [mailto:koremeltdown () hotmail com]
Sent: Tuesday, 28 June 2005 10:42 a.m.
To: security-basics () securityfocus com
Subject: New Virus?

Hey there everyone,

I received a mysterious email this morning at 1728 GMT which had headers as follows:

Return-path: <hamish1 () voyager co nz>
Envelope-to: hamish1 () webhosting net nz
Delivery-date: Tue, 28 Jun 2005 05:22:44 +1200
Received: from [217.125.252.60] (helo=david.org)
    by fearless.absolutewebhosting.biz with smtp (Exim 4.24)
    id 1DmxJg-0003ou-Rg
    for hamish1 () webhosting net nz; Tue, 28 Jun 2005 05:22:41 +1200
Date: Mon, 27 Jun 2005 19:20:42 +0100
To: "Hamish" <hamish1 () webhosting net nz>
From: "Hamish" <hamish1 () voyager co nz>
Subject: The picture is sent on SMS
Message-ID: <pvkpnopcnwraqblcgfg () webhosting net nz>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--------hukvuvgobciyuhmojdug"

-------------------- END SNIP-----------------------

As you can guess, I'm hamish1 () webhosting net nz. This email contained no text, only an attachment called legs.zip, which Norton (fully updated to its latest version and data files) did not detect any viruses in. Within the legs.zip file there is a file called ds-rwe.exe - this again was not detected as a virus. My girlfriend thought she would be smart and ran ds-rwe.exe, which gave me a memory overflow message for explorer.exe immediately.

Does anyone have any idea of what this might be, and also if it is a virus that has already been identified? If not, I am willing to pass it through to someone to take a look at in its zip format. Otherwise if the effects cannot be reversed, I am afraid I will have to reformat this machine *sigh* NOT AGAIN :(

Have a great day everyone and thanks in advance for your help.

Kindest of regards,

Hamish Stanaway, CEO
Absolute Web Hosting / -= KoRe WoRkS =- Internet Security
Auckland, New Zealand
http://www.webhosting.net.nz
http://www.buywebhosting.co.nz
http://www.koreworks.com

Important: This electronic message and attachments (if any) are confidential and may be legally privileged. If you are not the intended recipient do not copy, disclose or use the contents in any way. Please let us know by return e-mail immediately and then destroy this message.