[unisog] This seems a spyware. Is this?

Josh Heller heller at kutztown.edu
Fri Apr 13 15:01:17 GMT 2007


You could upload the attached file (carefully) to the virustotal.com website
to run it against their fleet of virus engines.  It is a very handy tool.

Josh 
Kutztown University

-----Original Message-----
From: unisog-bounces at lists.dshield.org
[mailto:unisog-bounces at lists.dshield.org] On Behalf Of Peter Van Epp
Sent: Friday, April 13, 2007 10:51 AM
To: UNIversity Security Operations Group
Subject: Re: [unisog] This seems a spyware. Is this?

On Fri, Apr 13, 2007 at 08:47:47AM +0900, takashi yamanoue wrote:
> Hi.
>   I'm takashi from Japan.
>   I've received the following mail today.
>   It seems a malicious mail with a spyware.
>   Does anyone know something about this mail?
>   The mail has an attached file, bugfix-48566.zip (38 KB),
>   and the following text was an image.
> 
>   Regards,
> 
> Takashi Yamanoue, Dr.
> Computing and Communications Center, Kagoshima University
> yamanoue at cc,kagoshima-u.ac.jp
> http://yama-linux.cc.kagoshima-u.ac.jp/~yamanoue
> +81-99-285-7187
<snip>

	There is every likelihood (although only analysing the zip file would
be 100% sure) that this is indeed a virus or spyware. The passworded zip file
is designed to bypass virus scanners as is the text in an image file. You 
could also ask the person or site that supposedly sent it if they really did
but just deleting it as a virus is probably your best bet.

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada
_______________________________________________
unisog mailing list
unisog at lists.dshield.org
https://lists.sans.org/mailman/listinfo/unisog


