[Dshield] Possible Virus......??

James Jarvis james.jarvis at quest-media.com
Mon Mar 18 16:00:47 GMT 2002


I did think that, but surely it would go to a microsoft url rather than
callin.net.

It would also usually notify you before it downloaded anything I would have
thought.


-----Original Message-----
From: Johannes B. Ullrich [mailto:jullrich at sans.org]
Sent: 18 March 2002 15:02
To: 'list at dshield.org'
Subject: Re: [Dshield] Possible Virus......??


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


send me the file off list. However, it is possible that the email used a 
chinese character set. Windows automatically downloads the necessary fonts
and such if it encounters such an email.


> One of my colleagues received an email from test at test.com.tw when the
email
> was opened it launhed a web-site and commenced downloading a file - It
> didn't display the name of the file, and the download was cancelled before
> it was able to continue. I checked the source of the email (It was in
HTML)
> and it pointed to a site called callin.net. The remainder of the email was
> all in stragnge random characters, and there was a type of form at the
base
> of the email.
> 
> I ran a virus scan on the computer (McCafee) and it didn't find anything
> unusual. Does anyone have any thoughts? It may be completely harmless, but
I
> am not a fan of executable emails. Was thinking of sending the URL to
> McCaffee suport, for them to investigate.
> 
> Thanks,
> James
> 
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
> 

- -- 
- -------
jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8lgF2wWQP+4im9DYRArhPAJ45EEiPicU3eHjo++FLV5gwXDtChgCgifke
BVVIZAyTNiSFRxdIncYOhVE=
=sJFT
-----END PGP SIGNATURE-----

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list