Re: Suspecious JPEG Files

[tclahr () br ibm com]

http://www.cwsandbox.org/

upload your file over there and see the results... it runs a lot of stuff, 
including filemon, AVs, regmon... etc

Obrigado / Regards

/*
 * Thiago Canozzo Lahr; CEH; LPIC-1;
 * Vulnerability Assessment Specialist;
 * IBM ITDelivery Brazil - Security & Risk Management;
 * Phone: +55 19 2132-7091;
*/




From:
"Jamie Riden" <jamie.riden () gmail com>
To:
"poddima () yahoo com" <poddima () yahoo com>
Cc:
pen-test () securityfocus com
Date:
06/02/2008 18:21
Subject:
Re: Suspecious JPEG Files



On 1 Feb 2008 17:09:24 -0000, poddima () yahoo com <poddima () yahoo com> wrote:
> Hello,
>
>
> I recieved via e-mail two JPEG files, one of them was not opened 
properly (Default error message was displayed on the Windows Picture 
Viewer).
> The sender is known to me, and I suspect he was trying to attack my 
computer (I recieved also an infected executable file from him just a 
short time before, and I didn't opened it).
> If anyone is interested in trying to analyse the files, I'd be mostly 
grateful. Please contact me and I will send you the files.

Try submitting to www.virustotal.com - they will run 32 different AV
engines against them.

You can send them to me if you like - only gmail will screen them out
if it detects a virus. Still, that would be an answer to your question
:)

(Have you verified that they are in fact JPEGs and not some other image 
format?)

cheers,
 Jamie
-- 
Jamie Riden / jamesr () europe com / jamie () honeynet org uk
UK Honeynet Project: http://www.ukhoneynet.org/

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature