Full Disclosure mailing list archives

Re: Email Harvesting virus?

From: "gregh" <chows () ozemail com au>
Date: Tue, 7 Oct 2003 20:16:55 +1000

----- Original Message ----- 
From: Joel R. Helgeson
To: full-disclosure () lists netsys com
Sent: Tuesday, October 07, 2003 12:44 PM
Subject: [Full-disclosure] Email Harvesting virus?

I came across an intersting event today. I haven't been able to research

it as much as I'd like, but I'd like to toss it out to the

community just the same.

A customers machine appears to be infected with some type of malware that

apparently harvests email addresses and puts them into > a file named '~'.
Just the tilde ~, no extention.  This file is created under the C:\Documents
and Settings\%username%\~.  I have

attached a zipped copy of the file for refrence.



This happened a while ago in an MS update and it depends on a few things
where the tilde file ends up on your system. It is on desktop on most but in
My Documents, for example, on mine.

It is a WAB file or an email address book. Not a good idea sending that to a
list, BTW.

Greg.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Email Harvesting virus? Joel R. Helgeson (Oct 06)
- Re: Email Harvesting virus? Blue Boar (Oct 06)
- Re: Email Harvesting virus? Michael J McCafferty (Oct 06)
- Re: Email Harvesting virus? Mary Landesman (Oct 06)
- Re: Email Harvesting virus? gregh (Oct 07)
- <Possible follow-ups>
- Fw: Email Harvesting virus? http-equiv () excite com (Oct 06)
- RE: Email Harvesting virus? David Vincent (Oct 07)
  - Re[2]: Email Harvesting virus? Papp Geza (Oct 07)