RE: Email Harvesting virus?

["David Vincent" <david.vincent () mightyoaks com>]

> > A customers machine appears to be infected with some type of malware 
> > that apparently harvests email addresses and puts them into a file named

> > '~'.  Just the tilde ~, no extention.  This file is created under the 
> > C:\Documents and Settings\%username%\~.  I have attached a zipped copy 
> > of the file for refrence.
> >  
> > I came across the file earlier today, renamed it and copied it off to a 
> > keychain USB drive for later analysis. Well, the file re-created itself 
> > and the malware creating it is not immediately apparent.  I've scanned 
> > all the running apps but I haven't had much time to investigate.
> >  
> > Any ideas?
>
> Microsoft Word? :) It appears to be one of the backup files 
> that Word makes while you are working.

this is a side effect of the Q330994 patch for outlook express.  check it
out, that file is only a copy of your address book.  see it on tons of
machines, and i haven't found any solution to it yet.

http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=utf-8&q=q330994+patch+%7E
&btnG=Google+Search


-d

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html