Security Basics mailing list archives

RE: Possible Virus or trojan?
From: Alfred.Diggs () STIS com
Date: Mon, 3 Nov 2003 20:20:25 -0500

I just got this. I went to Symantec and updated my virus definitions and it
is a virus. Before the update I even scanned the file directly and it didn't
report a virus. This is what I got from Symantec corp. 8.X after the update
today.

Scan type:  Real-time Protection Scan
Event:  Virus Found!
Virus name: W32.Mimail.C@mm
File:  photos.zip
Location:  Mail System
Computer:  23uoy25
User:  Diggs  Alfred
Action taken:  Clean failed : Quarantine failed : 
Date found: Monday, November 03, 2003  8:16:29 PM

Inside the email there is a photos.zip and then a photo.jpg.exe.

If you got screwed by this, here is a link to the removal tool.
http://www.symantec.com/avcenter/FxMimail.exe



-----Original Message-----
From: PAUL NICKELSON [mailto:pjn308 () yahoo com] 
Sent: Friday, October 31, 2003 11:08 AM
To: security-basics () securityfocus com
Subject: Possible Virus or trojan?


Has anyone ever seen an email with the following body?


Re[2]: our private photos ocooeaoe
Importance: High



Hello Dear!,

Finally i've found possibility to right u, my lovely
girl :)
All our photos which i've made at the beach (even when
u're without ur bh:))
photos are great! This evening i'll come and we'll
make the best SEX :)

Right now enjoy the photos.
Kiss, James.
ocooeaoe

With an attached file named photos.zip and within
that, photo.jpg.exe.  Is this something new or a
targeted attack?  I did find a reference to
netwatch.exe in hex editor and if installed will start netwatch.exe.
Thanks.

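The attachment layout described in this thread (photos.zip containing photo.jpg.exe) can be caught at a mail gateway or on the desktop by inspecting archive member names. The following is an added example, not part of the original messages; the extension lists and function names are assumptions chosen for illustration, and the sample archive is constructed with harmless placeholder bytes.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows will run on double-click (illustrative, not exhaustive).
EXECUTABLE = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
# Extensions commonly placed before the real one as a harmless-looking decoy.
DECOY = {".jpg", ".jpeg", ".gif", ".png", ".bmp", ".txt", ".doc", ".pdf", ".htm"}


def classify(name):
    """Return 'double-extension', 'executable' or None for one member name."""
    # Windows ignores trailing dots and spaces, so strip them before parsing.
    base = PurePosixPath(name.replace("\\", "/")).name.rstrip(". ").lower()
    # Strip padding inside each part: "photo.jpg      .exe" hides the real suffix.
    parts = [p.strip() for p in base.split(".")]
    if len(parts) < 2 or "." + parts[-1] not in EXECUTABLE:
        return None
    if len(parts) >= 3 and "." + parts[-2] in DECOY:
        return "double-extension"
    return "executable"


def scan_zip(data):
    """Map each suspicious member of a ZIP (given as bytes) to its verdict."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            verdict = None if info.is_dir() else classify(info.filename)
            if verdict:
                findings[info.filename] = verdict
    return findings


def build_sample():
    """Constructed sample laid out like the attachment in the thread."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photo.jpg.exe", b"placeholder, not a real executable")
        zf.writestr("holiday.jpg", b"placeholder image bytes")
        zf.writestr("docs/readme.txt   .scr", b"placeholder")
        zf.writestr("setup.exe", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member, verdict in scan_zip(build_sample()).items():
        print(f"{verdict:17} {member}")
```

The check works on names only, so it flags the lure even when the scanner's definitions predate the sample, which is the situation described in the reply above.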

