RE: New Virus?
From: Hayden Searle (hayden.searle_at_safecom.co.nz)
Date: 06/28/05
- Previous message: Nick Duda: "RE: program to store passwords"
- Maybe in reply to: Hamish Stanaway: "New Virus?"
- Next in thread: David Gillett: "RE: New Virus?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 29 Jun 2005 09:48:24 +1200
To: "Hamish Stanaway" <koremeltdown@hotmail.com>, <security-basics@securityfocus.com>
Hi Hamish
I got the same emails yesterday also. I got about 3 of them though. The
attachments were called original.zip and the subject was either "Is sent
SMS" or "The picture is sent on SMS".
Our mail system removed the exe's in the zips for Dangerous attachments
inbound so I don't have the original files but nothing picked it up
either Nortons or Sophos.
Will be submitting to both for analysis. Will report back when I get a
result.
Hayden Searle
Network Security Specialist
-----Original Message-----
From: Hamish Stanaway [mailto:koremeltdown@hotmail.com]
Sent: Tuesday, 28 June 2005 10:42 a.m.
To: security-basics@securityfocus.com
Subject: New Virus?
Hey there everyone,
I received a mysterious email this morning at 1728 GMT which had headers
as follows:
Return-path: <hamish1@voyager.co.nz>
Envelope-to: hamish1@webhosting.net.nz
Delivery-date: Tue, 28 Jun 2005 05:22:44 +1200
Received: from [217.125.252.60] (helo=david.org)
    by fearless.absolutewebhosting.biz with smtp (Exim 4.24)
    id 1DmxJg-0003ou-Rg
    for hamish1@webhosting.net.nz; Tue, 28 Jun 2005 05:22:41 +1200
Date: Mon, 27 Jun 2005 19:20:42 +0100
To: "Hamish" <hamish1@webhosting.net.nz>
From: "Hamish" <hamish1@voyager.co.nz>
Subject: The picture is sent on SMS
Message-ID: <pvkpnopcnwraqblcgfg@webhosting.net.nz>
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="--------hukvuvgobciyuhmojdug"
-------------------- END SNIP-----------------------
As you can guess, I'm hamish1@webhosting.net.nz.
This email contained no text, only an attachment called legs.zip, which
Norton (fully updated to its latest version and data files) did not
detect any viruses in.
Within the legs.zip file there is a file called ds-rwe.exe - this again
was not detected as a virus.
My girlfriend thought she would be smart and ran ds-rwe.exe, which gave
me a memory overflow message for explorer.exe immediately.
Does anyone have any idea of what this might be, and also if it is a
virus that has already been identified? If not, I am willing to pass it
through to someone to take a look at in its zip format.
Otherwise if the effects cannot be reversed, I am afraid I will have to
reformat this machine *sigh* NOT AGAIN :( Have a great day everyone and
thanks in advance for your help.
Kindest of regards,
Hamish Stanaway, CEO
Absolute Web Hosting / -= KoRe WoRkS =- Internet Security Auckland, New
Zealand
http://www.webhosting.net.nz
http://www.buywebhosting.co.nz
http://www.koreworks.com
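Added example, not part of either poster's message: a content-based gateway check of the kind the reply describes (blocking executables inside zip attachments), which does not depend on an antivirus signature existing yet. The extension list, function names and sample message are assumptions constructed for illustration; the sample "exe" is inert header bytes.

```python
import email
import io
import zipfile
from email.message import EmailMessage

# Extensions treated as executable; an assumed policy list, not the poster's gateway config.
BLOCKED_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def risky_zip_members(raw_message: bytes):
    """Return (attachment name, member name, reason) for executable-looking zip members."""
    findings = []
    msg = email.message_from_bytes(raw_message)
    for part in msg.walk():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True)  # None for multipart containers
        if payload is None or not payload.startswith(b"PK"):
            continue  # judge by zip magic bytes, not by the claimed file name
        try:
            archive = zipfile.ZipFile(io.BytesIO(payload))
        except zipfile.BadZipFile:
            findings.append((name, "", "unreadable zip"))
            continue
        for info in archive.infolist():
            if info.flag_bits & 0x1:  # encrypted member cannot be inspected
                findings.append((name, info.filename, "encrypted member"))
                continue
            with archive.open(info) as fh:
                magic = fh.read(2)
            if magic == b"MZ":  # DOS/PE header, catches renamed executables too
                findings.append((name, info.filename, "MZ header"))
            elif info.filename.lower().endswith(BLOCKED_EXT):
                findings.append((name, info.filename, "blocked extension"))
    return findings

def build_sample() -> bytes:
    """Constructed message shaped like the one in the thread; the 'exe' is inert bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("ds-rwe.exe", b"MZ" + b"\x00" * 62)  # header bytes only, not a program
        z.writestr("readme.txt", b"constructed sample")
    msg = EmailMessage()
    msg["Subject"] = "The picture is sent on SMS"
    msg.set_content("")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="legs.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in risky_zip_members(build_sample()):
        print(finding)
```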