Security Basics mailing list archives
RE: Analyzing Suspicious Attachment
From: "Nick Vaernhoej" <nick.vaernhoej () capitalcardservices com>
Date: Thu, 17 Jan 2008 14:09:12 -0600
Give http://www.virustotal.com/ a try. Nick Vaernhoej "Quidquid latine dictum sit, altum sonatur." -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Al Cooper Sent: Thursday, January 17, 2008 11:18 AM To: security-basics () securityfocus com Subject: Analyzing Suspicious Attachment We had a user open a suspicious attachment. The attachment did not open so she sent it to two of her colleges. One of her colleges was also unable to open the file, but the third person did successfully open the file. The attachment did not match the original email and IT was eventually called, a few hours later. The three computer have been removed from the network. I have the attachment. It is a zip file. Inside the zip file is one .scr file. The antivirus (Symantec) did not catch anything when the file was opened. The email is an HTML email and there are pictures that can be downloaded. Outside of the obvious policy and training issues, what is the best way to determine what if any damage has been done to the network? What tools do I need to analysis the attachment to see what it is and how it works? Thanks for your help, -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. This electronic transmission is intended for the addressee (s) named above. It contains information that is privileged, confidential, or otherwise protected from use and disclosure. If you are not the intended recipient you are hereby notified that any review, disclosure, copy, or dissemination of this transmission or the taking of any action in reliance on its contents, or other use is strictly prohibited. If you have received this transmission in error, please notify the sender that this message was received in error and then delete this message. Thank you.
Current thread:
- Re: Remote desktop access policy, (continued)
- Re: Remote desktop access policy Josh Haft (Jan 18)
- Re: Remote desktop access policy The Security Community (Jan 18)
- Re: Remote desktop access policy Kurt Buff (Jan 19)
- Re: Remote desktop access policy WALI (Jan 21)
- Re: Remote desktop access policy Kurt Buff (Jan 21)
- Re: Remote desktop access policy Gleb Paharenko (Jan 18)
- Re: Remote desktop access policy Kurt Buff (Jan 19)
- Re: Analyzing Suspicious Attachment brian . bevers (Jan 17)
- RE: Analyzing Suspicious Attachment Richard Golodner (Jan 18)
- Re: Analyzing Suspicious Attachment Josh Haft (Jan 18)
- RE: Analyzing Suspicious Attachment Petter Bruland (Jan 18)
- Re: Analyzing Suspicious Attachment Lee Hinman (Jan 18)