Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: [ok] Possible Virus/Trojan
From: "Todd Towles" <toddtowles () brookshires com>
Date: Mon, 26 Jul 2004 08:08:27 -0500

Sorry guys, I just noticed in my Outlook that the attachment name was really
"New Southern California wildfire erupts.avi (spaces) .exe"

It was released to me after being blocked, but Outlook blocks access to exe
files. Therefore I don't have a direct copy of it to look into. I am trying
to find another copy somewhere. 

That means the file name was the same as the header. If I was going to
custom make a fake e-mail to send to one person, it wouldn't be so
automatically looking.

-----Original Message-----
From: Andrew Farmer [mailto:andfarm () teknovis com] 
Sent: Sunday, July 25, 2004 6:06 PM
To: Curt Purdy
Cc: 'Mailing List - Full-Disclosure'; 'Todd Towles'
Subject: Re: [ok] [Full-disclosure] Possible Virus/Trojan

On 25 Jul 2004, at 12:06, Curt Purdy wrote:
Todd Towles  wrote:
I received an e-mail today that looked very much like a virus. Here 
is the message

Attachment - erupts.avi.exe

Subject - New Southern California wildfire erupts


Either this is a new Trojan that changes it body and subject based on 
the current  AP  news or someone used a very lame trick against me. 

I'm guessing the latter.  Although story scraping would be possible,
intellegent naming of the .exe would not be.  Most likely a friend... 

Sure it would be. In this case, at least, the executable is just named 
based on the last word of the headline plus ".avi.exe".

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]