Message-ID: <063301c38c8e$a67bc600$c400a8c0@MLANDE>
From: mlande at bellsouth.net (Mary Landesman)
Subject: Email Harvesting virus?

There is a bug that was introduced by Outlook Express Update 330994. Basically, every time a change is made to the address book, OE makes a backup into a ~ file. Obviously I can't say for sure that is what you are experiencing, but it certainly sounds like it.

There's a thread on it here:
http://forums.about.com/ab-antivirus/messages?lgnF=y&msg=1360.1

Regards,
Mary Landesman
Antivirus About.com Guide
http://antivirus.about.com

----- Original Message -----
From: "Joel R. Helgeson" <joel@...geson.com>
To: <full-disclosure@...ts.netsys.com>
Sent: Monday, October 06, 2003 10:44 PM
Subject: [Full-Disclosure] Email Harvesting virus?

I came across an interesting event today. I haven't been able to research it as much as I'd like, but I'd like to toss it out to the community just the same.

A customer's machine appears to be infected with some type of malware that apparently harvests email addresses and puts them into a file named '~'. Just the tilde ~, no extension. This file is created under the C:\Documents and Settings\%username%\~. I have attached a zipped copy of the file for reference.

I came across the file earlier today, renamed it and copied it off to a keychain USB drive for later analysis. Well, the file re-created itself and the malware creating it is not immediately apparent. I've scanned all the running apps but I haven't had much time to investigate.

Any ideas?

Joel R. Helgeson
Director of Networking & Security Services
SymetriQ Corporation

"Give a man fire, and he'll be warm for a day; set a man on fire, and he'll be warm for the rest of his life."