Message-ID: <6130FAF67D15D411BF7100E01899071F865EE2@stork.mightyoaks.local>
From: david.vincent at mightyoaks.com (David Vincent)
Subject: Email Harvesting virus?

> > A customer's machine appears to be infected with some type of malware
> > that apparently harvests email addresses and puts them into a file named
> > '~'. Just the tilde ~, no extension. This file is created under the
> > C:\Documents and Settings\%username%\~. I have attached a zipped copy
> > of the file for reference.
> >
> > I came across the file earlier today, renamed it and copied it off to a
> > keychain USB drive for later analysis. Well, the file re-created itself
> > and the malware creating it is not immediately apparent. I've scanned
> > all the running apps but I haven't had much time to investigate.
> >
> > Any ideas?
>
> Microsoft Word? :) It appears to be one of the backup files
> that Word makes while you are working.

this is a side effect of the Q330994 patch for outlook express. check it out, that file is only a copy of your address book. see it on tons of machines, and i haven't found any solution to it yet.

http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=utf-8&q=q330994+patch+%7E&btnG=Google+Search

-d