Security Basics mailing list archives
RE: Possible Virus or trojan?
From: Alfred.Diggs () STIS com
Date: Mon, 3 Nov 2003 20:20:25 -0500
I just got this. I went to Symantec and updated my virus definitions and it is a virus. Before the update I even scanned the file directly and it didn't report a virus. This is what I got from Symantec corp. 8.X after the update today:

Scan type: Real-time Protection Scan
Event: Virus Found!
Virus name: W32.Mimail.C@mm
File: photos.zip
Location: Mail System
Computer: 23uoy25
User: Diggs Alfred
Action taken: Clean failed : Quarantine failed :
Date found: Monday, November 03, 2003 8:16:29 PM

Inside the email there is a photos.zip and then a photo.jpg.exe

If you got screwed by this here is a link to the removal tool.
http://www.symantec.com/avcenter/FxMimail.exe

-----Original Message-----
From: PAUL NICKELSON [mailto:pjn308 () yahoo com]
Sent: Friday, October 31, 2003 11:08 AM
To: security-basics () securityfocus com
Subject: Possible Virus or trojan?

Has anyone ever seen an email with the following body?

Re[2]: our private photos ocooeaoe
Importance: High

Hello Dear!,
Finally i've found possibility to right u, my lovely girl :)
All our photos which i've made at the beach (even when u're without ur bh:))
photos are great! This evening i'll come and we'll make the best SEX :)
Right now enjoy the photos.
Kiss, James.
ocooeaoe

With an attached file named photos.zip and within that, photo.jpg.exe. Is this something new or a targeted attack? I did find a reference to netwatch.exe in hex editor and if installed will start netwatch.exe.

Thanks.
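An added example, not part of the original messages: a mail-gateway style check that lists zip members whose names use the decoy-plus-executable double extension seen in this thread (photos.zip containing photo.jpg.exe). The extension lists and function names are assumptions chosen for illustration, and the sample archive is constructed in memory with placeholder contents.

```python
import io
import zipfile

# Assumed extension lists for this example; tune them for your own gateway.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}
DECOY_EXTS = {"jpg", "jpeg", "gif", "png", "bmp", "txt", "doc", "pdf"}


def is_double_extension(name):
    """True for names like photo.jpg.exe: a decoy extension followed by an executable one."""
    # Strip any directory part and trailing dots/spaces, then compare case-insensitively.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].strip().rstrip(".").lower()
    parts = base.split(".")
    return (
        len(parts) >= 3
        and parts[-1] in EXECUTABLE_EXTS
        and parts[-2] in DECOY_EXTS
    )


def suspicious_members(zip_bytes):
    """Return archive member names that use a deceptive double extension.

    Raises zipfile.BadZipFile on malformed input so the caller can quarantine
    what it cannot inspect instead of passing it through.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        return [n for n in archive.namelist() if is_double_extension(n)]


def build_sample_zip(names):
    """Build an in-memory zip with harmless placeholder contents (constructed input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in names:
            archive.writestr(name, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip(["photo.jpg.exe", "readme.txt", "holiday.jpg"])
    for member in suspicious_members(sample):
        print("suspicious attachment member:", member)
```

A name-based check like this works before antivirus definitions catch up, which is the gap the reply above describes.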
Current thread:
- Possible Virus or trojan? PAUL NICKELSON (Nov 03)
- Re: Possible Virus or trojan? Lou (Nov 03)
- Re: Possible Virus or trojan? Brian Jones (Nov 03)
- <Possible follow-ups>
- RE: Possible Virus or trojan? Thomas F. Szabo (Nov 03)
- RE: Possible Virus or trojan? Matt Gibson (Nov 03)
- RE: Possible Virus or Trojan? arh (Nov 03)
- RE: Possible Virus or trojan? Alfred . Diggs (Nov 04)
