[Dshield] [Fwd: File on desktop with tilde character as filename]

David Vincent david.vincent at mightyoaks.com
Fri Jun 6 16:10:23 GMT 2003

I have a client with this problem; we traced it to a real estate package
they are running called "Interface". Seems to be pretty benign, so we've
just left it.


> -----Original Message-----
> From: Johannes B. Ullrich [mailto:jullrich at sans.org]
> Sent: June 5, 2003 8:24 PM
> To: list at dshield.org
> Subject: [Dshield] [Fwd: File on desktop with tilde character as
> filename]
> -----Forwarded Message-----
> From: Samuel <samuel at socal.rr.com>
> To: Dshield at Dshield. Org <dshield at dshield.org>
> Subject: File on desktop with tilde character as filename
> Date: 05 Jun 2003 19:03:22 -0700
>
> Several times I have received spontaneously a file on my Windows desktop that has a one-character filename of the tilde character ("~"). The contents are binary but when I look at it I can see that it contains email addresses from my address book. The first time (on Friday, May 02) I saw it I zipped it into a zip file. Since then I have been deleting them when I get them. Since the first half of May I did not get any on my desktop but I need to search my entire system in case they exist elsewhere. I received another one a couple of days ago and I received two today. The first one I received I was able to see it appear on the desktop immediately after sending a message. So now I am much more suspicious.
>
> I don't know where it is coming from. I keep my desktop clear enough of icons that I notice it quite quickly. I tried to search for information but either it is not malicious and there is no information or the use of the tilde character makes it difficult to find the information. I assume the use of the tilde character is intended to slow us down and if so it is quite successful.
>
> I am using Outlook Express and I have the "Warn me when other applications try to send mail as me." option selected on so I hope there has been no email sent that I am unaware of.
>
> As you can see by the signature it adds to messages that I am using AVG for virus protection. I obviously need to get something better. However if this file is the result of something malicious then I sure want to identify it, especially if it is something new.
>
> I realize this mailing list is not the primary place to report such a thing. Where else is a good place to report it and get information about it if it is malicious? I should not be spending time on this but that is what everyone says, right?
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.487 / Virus Database: 286 - Release Date: 6/1/2003
> -- 
> ----------
> Johannes Ullrich
> Internet Storm Center - SANS Institute
> jullrich at sans.org  http://isc.sans.org