Security Basics mailing list archives
Re: New Virus?
From: cc <cc () belfordhk com>
Date: Wed, 29 Jun 2005 09:05:33 +0800
Hamish Stanaway sighed and wrote::
Hey there everyone, I recieved a mysterious email this morning at 1728 GMT which had headers as follows:
Regardless of it being a virus, there are a few issues I have with this email, least of all having a zip attachment. 1) Header's forged. (afaik, david.org <> 217.125.252.60) 2) Zip Attachment with an unknown EXE file. (This has got to ring some alarm bells already.) 3) Your girlfriend uncompressing the ZIP file and running the program. Not exactly the smartest thing to do, especially in this age of Nimdas, Sobigs, etc. Unless you are waiting for a zip file from someone, particularly this "hamish1 () voyager co nz" (doubtful, but still possible), then I suggest you delete the email and forget about it. With the proper tools, you'd probably be able to disect the EXE file. AFAIK, it's one of these Netsky variants. (No, don't send it to me. :)) Of course, that's just my $0.02. Perhaps someone else with more experience have something to say. Edmund
Current thread:
- New Virus? Hamish Stanaway (Jun 28)
- Re: New Virus? Paul Kurczaba (Jun 29)
- RE: New Virus? David Gillett (Jun 29)
- Re: New Virus? securityfocus (Jun 29)
- Re: New Virus? Ansgar -59cobalt- Wiechers (Jun 29)
- Re: New Virus? cc (Jun 29)
- Re: New Virus? Alan Apperson (Jun 29)
- Re: New Virus? Justin Gill (Jun 29)
- Re: New Virus? ChayoteMu (Jun 29)
- RE: New Virus? J.Ayoola (Jun 29)
- RE: New Virus? Hamish Stanaway (Jun 30)
- <Possible follow-ups>
- RE: New Virus? Dan Denton (Jun 29)
- RE: New Virus? Hayden Searle (Jun 29)
- re: New Virus? meowbaby (Jun 29)
- RE: New Virus? Wiersma, S. (Stefan) (Jun 29)