[Dshield] Possible Virus......??

Johannes B. Ullrich jullrich at sans.org
Mon Mar 18 15:02:13 GMT 2002



Send me the file off list. However, it is possible that the email used a 
Chinese character set. Windows automatically downloads the necessary fonts
and such if it encounters such an email.


> One of my colleagues received an email from test at test.com.tw. When the email
> was opened, it launched a web-site and commenced downloading a file - It
> didn't display the name of the file, and the download was cancelled before
> it was able to continue. I checked the source of the email (It was in HTML)
> and it pointed to a site called callin.net. The remainder of the email was
> all in strange random characters, and there was a type of form at the base
> of the email.
> 
> I ran a virus scan on the computer (McAfee) and it didn't find anything
> unusual. Does anyone have any thoughts? It may be completely harmless, but I
> am not a fan of executable emails. Was thinking of sending the URL to
> McAfee support, for them to investigate.
> 
> Thanks,
> James

- -- 
- -------
jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System

