[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: mike at m5computersecurity.com (Michael J McCafferty)
Subject: Email Harvesting virus?
Joel,
I have seen this question, and other similar questions about the
file called "~" (tilde), several times in various places lately. This was
the answer for them, I am sure it will be for you.....
It's an artifact from a MS Cumulative patch for Outlook. See
here: http://www.pchell.com/support/tildefile.shtml
I didn't open your attachment, but I think you just sent your
customers address book to this list.
Good luck,
Mike
At 09:44 PM 10/6/2003 -0500, Joel R. Helgeson wrote:
>I came across an intersting event today. I haven't been able to research
>it as much as I'd like, but I'd like to toss it out to the community just
>the same.
>
>A customers machine appears to be infected with some type of malware that
>apparently harvests email addresses and puts them into a file named
>'~'. Just the tilde ~, no extention. This file is created under the
>C:\Documents and Settings\%username%\~. I have attached a zipped copy of
>the file for refrence.
>
>I came across the file earlier today, renamed it and copied it off to a
>keychain USB drive for later analysis. Well, the file re-created itself
>and the malware creating it is not immediately apparent. I've scanned all
>the running apps but I haven't had much time to investigate.
>
>Any ideas?
>
>
>Joel R. Helgeson
>Director of Networking & Security Services
>SymetriQ Corporation
>
>"Give a man fire, and he'll be warm for a day; set a man on fire, and
>he'll be warm for the rest of his life."
**************************************************
Michael J. McCafferty
Principal, Security Engineer
M5 Computer Security
858-576-7325 Voice
http://www.m5computersecurity.com
**************************************************
--- "If you build it, they will hack !" ---
Powered by blists - more mailing lists