Full Disclosure mailing list archives
Re: Email Harvesting virus?
From: Michael J McCafferty <mike () m5computersecurity com>
Date: Mon, 06 Oct 2003 20:55:07 -0700
Joel,
I have seen this question, and other similar questions about the file called "~" (tilde), several times in various places lately. This was the answer for them, I am sure it will be for you..... It's an artifact from a MS Cumulative patch for Outlook. See here: http://www.pchell.com/support/tildefile.shtml
I didn't open your attachment, but I think you just sent your customer's address book to this list.
Good luck,
Mike
At 09:44 PM 10/6/2003 -0500, Joel R. Helgeson wrote:
I came across an interesting event today. I haven't been able to research it as much as I'd like, but I'd like to toss it out to the community just the same.
A customer's machine appears to be infected with some type of malware that apparently harvests email addresses and puts them into a file named '~'. Just the tilde ~, no extension. This file is created under the C:\Documents and Settings\%username%\~. I have attached a zipped copy of the file for reference.
I came across the file earlier today, renamed it and copied it off to a keychain USB drive for later analysis. Well, the file re-created itself and the malware creating it is not immediately apparent. I've scanned all the running apps but I haven't had much time to investigate.
Any ideas?
Joel R. Helgeson
Director of Networking & Security Services
SymetriQ Corporation
"Give a man fire, and he'll be warm for a day; set a man on fire, and he'll be warm for the rest of his life."
**************************************************
Michael J. McCafferty
Principal, Security Engineer
M5 Computer Security
858-576-7325 Voice
http://www.m5computersecurity.com
**************************************************
--- "If you build it, they will hack !" ---
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html