Open Source and information security mailing list archives
 
From: mike at m5computersecurity.com (Michael J McCafferty)
Subject: Email Harvesting virus?

Joel,
         I have seen this question, and other similar questions about the 
file called "~" (tilde), several times in various places lately. This was 
the answer for them, I am sure it will be for you.....
         It's an artifact from a MS Cumulative patch for Outlook. See 
here:  http://www.pchell.com/support/tildefile.shtml

         I didn't open your attachment, but I think you just sent your 
customer's address book to this list.

Good luck,
Mike

At 09:44 PM 10/6/2003 -0500, Joel R. Helgeson wrote:
>I came across an interesting event today. I haven't been able to research 
>it as much as I'd like, but I'd like to toss it out to the community just 
>the same.
>
>A customer's machine appears to be infected with some type of malware that 
>apparently harvests email addresses and puts them into a file named 
>'~'.  Just the tilde ~, no extension.  This file is created under the 
>C:\Documents and Settings\%username%\~.  I have attached a zipped copy of 
>the file for reference.
>
>I came across the file earlier today, renamed it and copied it off to a 
>keychain USB drive for later analysis. Well, the file re-created itself 
>and the malware creating it is not immediately apparent.  I've scanned all 
>the running apps but I haven't had much time to investigate.
>
>Any ideas?
>
>
>Joel R. Helgeson
>Director of Networking & Security Services
>SymetriQ Corporation
>
>"Give a man fire, and he'll be warm for a day; set a man on fire, and 
>he'll be warm for the rest of his life."

**************************************************
Michael J. McCafferty
Principal, Security Engineer
M5 Computer Security
858-576-7325 Voice
http://www.m5computersecurity.com
**************************************************
--- "If you build it, they will hack !" --- 

