Full Disclosure mailing list archives
RE: Email Harvesting virus?
From: "David Vincent" <david.vincent () mightyoaks com>
Date: Tue, 7 Oct 2003 09:31:22 -0700
A customer's machine appears to be infected with some type of malware that apparently harvests email addresses and puts them into a file named '~'. Just the tilde ~, no extension. This file is created under the C:\Documents and Settings\%username%\~. I have attached a zipped copy of the file for reference. I came across the file earlier today, renamed it and copied it off to a keychain USB drive for later analysis. Well, the file re-created itself and the malware creating it is not immediately apparent. I've scanned all the running apps but I haven't had much time to investigate. Any ideas?

Microsoft Word? :) It appears to be one of the backup files that Word makes while you are working.

this is a side effect of the Q330994 patch for outlook express. check it out, that file is only a copy of your address book. see it on tons of machines, and i haven't found any solution to it yet.

http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=utf-8&q=q330994+patch+%7E&btnG=Google+Search

-d

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Email Harvesting virus? Joel R. Helgeson (Oct 06)
- Re: Email Harvesting virus? Blue Boar (Oct 06)
- Re: Email Harvesting virus? Michael J McCafferty (Oct 06)
- Re: Email Harvesting virus? Mary Landesman (Oct 06)
- Re: Email Harvesting virus? gregh (Oct 07)
- <Possible follow-ups>
- Fw: Email Harvesting virus? http-equiv () excite com (Oct 06)
- RE: Email Harvesting virus? David Vincent (Oct 07)
- Re[2]: Email Harvesting virus? Papp Geza (Oct 07)