*** Heads Up *** New Virus???
Results 1 to 10 of 10

Thread: *** Heads Up *** New Virus???

  1. #1
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197

    *** Heads Up *** New Virus???

    The following is a copy of an email I just sent to all my users:-

    Kim xxxxxxx at xxxxxxx just did a wonderful thing. She received an email that didn’t look right with an attachment and called me about it. I had her forward it to me which she did. I updated my virus definitions and immediately scanned the Zip file she had received. No virus found. I unzipped the file called photos.jpg.exe and scanned it. No virus found. So I opened the file using one of my “little tools” to see what it was. It is clearly a virus that mails itself out, contacts a web site and who knows what else. I have submitted it to Symantec for their analysis.

    The test of the message to Kim read as follows, (but if you get one it may not be the same):-

    BEGIN TEXT
    +++++++++++++++++++++++++++++++++++++++

    Hello Dear!,

    Finally i've found possibility to right u, my lovely girl :) All our photos which i've made at the beach (even when u're without ur bh:)) photos are great! This evening i'll come and we'll make the best SEX :)

    Right now enjoy the photos.
    Kiss, James.
    iioiemve

    ++++++++++++++++++++++++++++++++++++++++
    END TEXT

    The attachment was a zip file called photos.zip
    It contained a file called photos.jpg.exe (notice the two file extensions)
    The incredibly sophisticated tool I used was notepad..... But I don't want the users messing with it......
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  2. #2
    Senior Member
    Join Date
    Aug 2002
    Posts
    547
    when you said sofisticated tool at the begining i was thinking of Cool Edit
    Shame on me for having those thoughts

  3. #3
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    LOL!!!

    The 31337 notepad tool huh?

    Seriously though, I haven't seen this attachment on our "removed" list but I will certainly keep and eye out. If anyone else comes across this, please post to this thread.

    Good catch Sharky! I hope you don't catch grenades as well

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  4. #4
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    It is a variant of MIMAIL:

    http://securityresponse.symantec.com...mail.c@mm.html

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  5. #5
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Ok.... Symantec has replied.

    We have analyzed your submission. The following is a report of our findings for each file you have submitted:

    filename: C:\photos.jpg.exe
    machine:
    result: This file is infected with W32.Mimail.C@mm

    Developer notes:
    C:\photos.jpg.exe is non-repairable threat. NAV with the latest beta definition detects this. Please delete this file and replace it if neccessary. Please follow the instruction at the end of this email message to install the latest beta definitions.
    Note the important bit..... "latest beta definition" ....... Guess I'm not using those.....

    [EDIT]

    Neb: Funny.... I went to Symantec security response and searched for the zip, the actual file, the email title and several peices of text from the email before I submitted it to them....... I must have been minutes too early.......

    [/EDIT]
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  6. #6
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    WOW we need t ohave beta definitions now.....this is why my mail server strips off all .exe attachments.
    Who is more trustworthy then all of the gurus or Buddha’s?

  7. #7
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    Hi Tiger!

    Happy Halloween!

    Any chance you could send me one? The previous addy would be fine,) otherwise PM me and I will remind you of it.

    I had that relationship at one of the last places I worked, I just got strange stuff forwarded........the Users were very good (and the contract was for over 3 years), they sent all sorts of suspicious stuff. Being a mil type establishment we did not get much spam, but I had a long battle to get our Infrastructure guys to be security minded

    My actual role was systems project management, but I soon got to know the guys......great relationship...............OK I did cover for the infrastructure team when needed............they did the same for me and my guys


    Take care, and don't forget a copy of that virus! I need to get back up to speed, because I don't seem to be capturing as many as I used to?

    Cheers

    Johnno
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  8. #8
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    BBallad: Yeah.... My firewall does that too..... Trouble is this was in a zip file and I have to let those through 'cos we use them though I do try to restrict the number of users that have winzip installed so they can't open them.... 'cos they'll still go ahead an click on the results.... But I guess we got through to one user. She did the right thing.....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  9. #9
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Due to an increased rate of submissions Symantec Security Response has upgraded W32.Mimail.C@mm to a Category 3 threat from a Category 2 threat.
    Thanks for the for the warning TS..

    Cheers
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  10. #10
    Senior Member
    Join Date
    Sep 2003
    Posts
    279
    thanks for the heads up
    AntiOnline Quick Forum Version 2b Click Here
    10010101000000110010001100111

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides