-
October 31st, 2003, 08:12 PM
#1
*** Heads Up *** New Virus???
The following is a copy of an email I just sent to all my users:-
Kim xxxxxxx at xxxxxxx just did a wonderful thing. She received an email that didn’t look right with an attachment and called me about it. I had her forward it to me which she did. I updated my virus definitions and immediately scanned the Zip file she had received. No virus found. I unzipped the file called photos.jpg.exe and scanned it. No virus found. So I opened the file using one of my “little tools” to see what it was. It is clearly a virus that mails itself out, contacts a web site and who knows what else. I have submitted it to Symantec for their analysis.
The text of the message to Kim read as follows, (but if you get one it may not be the same):-
BEGIN TEXT
+++++++++++++++++++++++++++++++++++++++
Hello Dear!,
Finally i've found possibility to right u, my lovely girl :) All our photos which i've made at the beach (even when u're without ur bh:)) photos are great! This evening i'll come and we'll make the best SEX :)
Right now enjoy the photos.
Kiss, James.
iioiemve
++++++++++++++++++++++++++++++++++++++++
END TEXT
The attachment was a zip file called photos.zip
It contained a file called photos.jpg.exe (notice the two file extensions)
The incredibly sophisticated tool I used was notepad..... But I don't want the users messing with it......
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
October 31st, 2003, 08:16 PM
#2
when you said sophisticated tool at the beginning i was thinking of Cool Edit
Shame on me for having those thoughts
-
October 31st, 2003, 08:16 PM
#3
LOL!!!
The 31337 notepad tool huh?
Seriously though, I haven't seen this attachment on our "removed" list but I will certainly keep an eye out. If anyone else comes across this, please post to this thread.
Good catch Sharky! I hope you don't catch grenades as well
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
October 31st, 2003, 08:20 PM
#4
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
-
October 31st, 2003, 08:21 PM
#5
Ok.... Symantec has replied.
We have analyzed your submission. The following is a report of our findings for each file you have submitted:
filename: C:\photos.jpg.exe
machine:
result: This file is infected with W32.Mimail.C@mm
Developer notes:
C:\photos.jpg.exe is non-repairable threat. NAV with the latest beta definition detects this. Please delete this file and replace it if necessary. Please follow the instruction at the end of this email message to install the latest beta definitions.
Note the important bit..... "latest beta definition" ....... Guess I'm not using those.....
[EDIT]
Neb: Funny.... I went to Symantec security response and searched for the zip, the actual file, the email title and several pieces of text from the email before I submitted it to them....... I must have been minutes too early.......
[/EDIT]
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
October 31st, 2003, 08:47 PM
#6
WOW we need to have beta definitions now.....this is why my mail server strips off all .exe attachments.
Who is more trustworthy than all of the gurus or Buddha’s?
-
October 31st, 2003, 08:49 PM
#7
-
October 31st, 2003, 08:56 PM
#8
BBallad: Yeah.... My firewall does that too..... Trouble is this was in a zip file and I have to let those through 'cos we use them though I do try to restrict the number of users that have winzip installed so they can't open them.... 'cos they'll still go ahead and click on the results.... But I guess we got through to one user. She did the right thing.....
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
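An added example, not part of any post in this thread: a gateway-side check in Python for the gap raised in posts #6 and #8, where stripping .exe attachments misses an executable carried inside a zip such as photos.zip. The extension lists and function names are assumptions for illustration, and the sample message is constructed with placeholder bytes.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs on double-click (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
# Extensions a user reads as a harmless picture or document.
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".doc", ".pdf"}

def classify_name(name):
    """Return 'double-extension', 'executable' or None for a file name."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    parts = base.lower().rstrip(". ").split(".")  # Windows drops trailing dots/spaces
    if len(parts) < 2 or "." + parts[-1] not in EXECUTABLE_EXTS:
        return None
    if len(parts) >= 3 and "." + parts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"

def scan_message(raw_bytes):
    """Return [(attachment, zip_member_or_None, verdict)] for risky names."""
    findings = []
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        if classify_name(fname):
            findings.append((fname, None, classify_name(fname)))
        payload = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            for info in zf.infolist():  # member names only; nothing is extracted
                verdict = classify_name(info.filename)
                if verdict:
                    findings.append((fname, info.filename, verdict))
    return findings

def build_sample():
    """Constructed test message: photos.zip holding a harmless placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photos.jpg.exe", b"placeholder bytes, not a program")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="photos.zip")
    return msg.as_bytes()
```

The check reads only the archive's file listing, so it works without current virus definitions; nested archives are not descended into here.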
-
November 1st, 2003, 08:30 AM
#9
Due to an increased rate of submissions Symantec Security Response has upgraded W32.Mimail.C@mm to a Category 3 threat from a Category 2 threat.
Thanks for the warning TS..
Cheers
"Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
November 2nd, 2003, 05:13 PM
#10
AntiOnline Quick Forum Version 2b Click Here
10010101000000110010001100111