[Dshield] Possible Virus......??
james.jarvis at quest-media.com
Mon Mar 18 16:00:47 GMT 2002
I did think that, but surely it would go to a microsoft url rather than
It would also usually notify you before it downloaded anything I would have
From: Johannes B. Ullrich [mailto:jullrich at sans.org]
Sent: 18 March 2002 15:02
To: 'list at dshield.org'
Subject: Re: [Dshield] Possible Virus......??
-----BEGIN PGP SIGNED MESSAGE-----
send me the file off list. However, it is possible that the email used a
chinese character set. Windows automatically downloads the necessary fonts
and such if it encounters such an email.
> One of my colleagues received an email from test at test.com.tw when the
> was opened it launhed a web-site and commenced downloading a file - It
> didn't display the name of the file, and the download was cancelled before
> it was able to continue. I checked the source of the email (It was in
> and it pointed to a site called callin.net. The remainder of the email was
> all in stragnge random characters, and there was a type of form at the
> of the email.
> I ran a virus scan on the computer (McCafee) and it didn't find anything
> unusual. Does anyone have any thoughts? It may be completely harmless, but
> am not a fan of executable emails. Was thinking of sending the URL to
> McCaffee suport, for them to investigate.
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
jullrich at sans.org Join http://www.DShield.org
Distributed Intrusion Detection System
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
More information about the list