[unisog] This seems a spyware. Is this?

Josh Heller heller at kutztown.edu
Fri Apr 13 15:01:17 GMT 2007

You could upload the attached file (carefully) to the virustotal.com website
to run it against their fleet of virus engines.  It is a very handy tool.

Kutztown University

-----Original Message-----
From: unisog-bounces at lists.dshield.org
[mailto:unisog-bounces at lists.dshield.org] On Behalf Of Peter Van Epp
Sent: Friday, April 13, 2007 10:51 AM
To: UNIversity Security Operations Group
Subject: Re: [unisog] This seems a spyware. Is this?

On Fri, Apr 13, 2007 at 08:47:47AM +0900, takashi yamanoue wrote:
> Hi.
>   I'm takashi from Japan.
>   I've received the following mail today.
>   It seems a malicious mail with a spyware.
>   Does anyone know something about this mail?
>   The mail has an attached file, bugfix-48566.zip (38 KB),
>   and the following text was an image.
>   Regards,
> Takashi Yamanoue, Dr.
> Computing and Communications Center, Kagoshima University
> yamanoue at cc,kagoshima-u.ac.jp
> http://yama-linux.cc.kagoshima-u.ac.jp/~yamanoue
> +81-99-285-7187

There is every likelihood (although only analysing the zip file
would be 100% sure) that this is indeed a virus or spyware. The passworded zip
is designed to bypass virus scanners, as is the text in an image file. You
could also ask the person or site that supposedly sent it if they really did,
but just deleting it as a virus is probably your best bet.

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada