[unisog] This seems a spyware. Is this?

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Fri Apr 13 15:48:10 GMT 2007

On Fri, 13 Apr 2007 11:01:17 EDT, Josh Heller said:
> You could upload the attached file (carefully) to the virustotal.com website
> to run it against their fleet of virus engines.  It is a very handy tool.

Make *very* sure you do this using MUA (mail user agent) software that is known
to be able to save possibly malicious content while avoiding the temptation
to be "helpful" and opening/unzipping/etc the file.  Although most MUA's should
be able to deal with *this* one, there's been lots of HTML-based attacks that
will pwn the box when the MUA tries to display it.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.sans.org/pipermail/unisog/attachments/20070413/dc17a71b/attachment.bin 

More information about the unisog mailing list