RE: New Virus?
From: Dan Denton (ddenton_at_PAYLESSOFFICE.com)
Date: 06/28/05
- Previous message: Paul Kurczaba: "Re: New Virus?"
- Maybe in reply to: Hamish Stanaway: "New Virus?"
- Next in thread: Hayden Searle: "RE: New Virus?"
Date: Tue, 28 Jun 2005 16:28:22 -0500
To: "Hamish Stanaway" <koremeltdown@hotmail.com>, <security-basics@securityfocus.com>
I would also be interested in seeing if anyone else knows what this is.
One of our users received an email with the same identical subject line,
with the attachment 'new.zip'. The email also had an identical user
name, but from 'roi.net'. We quarantine zip files at the mail gateway
before it actually gets scanned, so I've no idea what it is either.
-----Original Message-----
From: Hamish Stanaway [mailto:koremeltdown@hotmail.com]
Sent: Monday, June 27, 2005 5:42 PM
To: security-basics@securityfocus.com
Subject: New Virus?
Hey there everyone,
I received a mysterious email this morning at 1728 GMT which had headers
as follows:
Return-path: <hamish1@voyager.co.nz>
Envelope-to: hamish1@webhosting.net.nz
Delivery-date: Tue, 28 Jun 2005 05:22:44 +1200
Received: from [217.125.252.60] (helo=david.org)
    by fearless.absolutewebhosting.biz with smtp (Exim 4.24)
    id 1DmxJg-0003ou-Rg
    for hamish1@webhosting.net.nz; Tue, 28 Jun 2005 05:22:41 +1200
Date: Mon, 27 Jun 2005 19:20:42 +0100
To: "Hamish" <hamish1@webhosting.net.nz>
From: "Hamish" <hamish1@voyager.co.nz>
Subject: The picture is sent on SMS
Message-ID: <pvkpnopcnwraqblcgfg@webhosting.net.nz>
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="--------hukvuvgobciyuhmojdug"
-------------------- END SNIP-----------------------
As you can guess, I'm hamish1@webhosting.net.nz.
This email contained no text, only an attachment called legs.zip, which
Norton (fully updated to its latest version and data files) did not
detect any viruses in.
Within the legs.zip file there is a file called ds-rwe.exe - this again
was not detected as a virus.
My girlfriend thought she would be smart and ran ds-rwe.exe, which gave
me a memory overflow message for explorer.exe immediately.
Does anyone have any idea of what this might be, and also if it is a
virus that has already been identified? If not, I am willing to pass it
through to someone to take a look at in its zip format.
Otherwise if the effects cannot be reversed, I am afraid I will have to
reformat this machine *sigh* NOT AGAIN :(
Have a great day everyone and thanks in advance for your help.
Kindest of regards,
Hamish Stanaway, CEO
Absolute Web Hosting / -= KoRe WoRkS =- Internet Security Auckland, New
Zealand
http://www.webhosting.net.nz
http://www.buywebhosting.co.nz
http://www.koreworks.com
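
A gateway-side check for the pattern described in this thread, as an added example that is not part of either message: it flags a sender display name copied from the recipient and lists executables inside a .zip attachment without running them. The function names, the extension list and the sample message (built from the header values and file names quoted above, with placeholder bytes for the .exe) are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Extensions treated as executable; an assumed policy list, not from the thread.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")


def triage(raw: bytes) -> list[str]:
    """Return the reasons a gateway would hold this message (empty = none)."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    to_name, to_addr = parseaddr(str(msg.get("To", "")))
    # Sender display name copied from the recipient, but a different address.
    if from_name and from_name.lower() == to_name.lower() \
            and from_addr.lower() != to_addr.lower():
        reasons.append("sender display name copies recipient")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        try:
            # Read the archive's member list in memory; nothing is extracted.
            members = zipfile.ZipFile(io.BytesIO(part.get_content())).namelist()
        except zipfile.BadZipFile:
            reasons.append(f"{name}: unreadable archive")
            continue
        for member in members:
            if member.lower().endswith(EXECUTABLE_EXTS):
                reasons.append(f"{name}: contains executable {member}")
    return reasons


def build_sample() -> bytes:
    """Constructed message reusing the header values and file names quoted above."""
    msg = EmailMessage()
    msg["From"] = '"Hamish" <hamish1@voyager.co.nz>'
    msg["To"] = '"Hamish" <hamish1@webhosting.net.nz>'
    msg["Subject"] = "The picture is sent on SMS"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("ds-rwe.exe", b"placeholder bytes, not a real program")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="legs.zip")
    return msg.as_bytes()
```

Calling `triage(build_sample())` returns both reasons for the constructed message; a message with no attachment and distinct sender and recipient names returns an empty list.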