Full Disclosure mailing list archives
Email Harvesting virus?
From: "Joel R. Helgeson" <joel () helgeson com>
Date: Mon, 6 Oct 2003 21:44:53 -0500
I came across an interesting event today. I haven't been able to research it as much as I'd like, but I'd like to toss it out to the community just the same.

A customer's machine appears to be infected with some type of malware that apparently harvests email addresses and puts them into a file named '~'. Just the tilde ~, no extension. This file is created under C:\Documents and Settings\%username%\~. I have attached a zipped copy of the file for reference.

I came across the file earlier today, renamed it and copied it off to a keychain USB drive for later analysis. Well, the file re-created itself and the malware creating it is not immediately apparent. I've scanned all the running apps but I haven't had much time to investigate.

Any ideas?

Joel R. Helgeson
Director of Networking & Security Services
SymetriQ Corporation

"Give a man fire, and he'll be warm for a day; set a man on fire, and he'll be warm for the rest of his life."
Attachment: ~.zip