
New Virus?

Subject: New Virus?
Date: Mon, 27 Jun 2005 22:41:49 +0000
Hey there everyone,

I received a mysterious email this morning at 1728 GMT which had headers as follows:

Return-path: <hamish1@voyager.co.nz>
Envelope-to: hamish1@webhosting.net.nz
Delivery-date: Tue, 28 Jun 2005 05:22:44 +1200
Received: from [217.125.252.60] (helo=david.org)
        by fearless.absolutewebhosting.biz with smtp (Exim 4.24)
        id 1DmxJg-0003ou-Rg
        for hamish1@webhosting.net.nz; Tue, 28 Jun 2005 05:22:41 +1200
Date: Mon, 27 Jun 2005 19:20:42 +0100
To: "Hamish" <hamish1@webhosting.net.nz>
From: "Hamish" <hamish1@voyager.co.nz>
Subject: The picture is sent on SMS
Message-ID: <pvkpnopcnwraqblcgfg@webhosting.net.nz>
MIME-Version: 1.0
Content-Type: multipart/mixed;
       boundary="--------hukvuvgobciyuhmojdug"

-------------------- END SNIP-----------------------

As you can guess, I'm hamish1@webhosting.net.nz.
This email contained no text, only an attachment called legs.zip, which Norton (fully updated to its latest version and data files) did not detect any viruses in.
Within the legs.zip file there is a file called ds-rwe.exe - this again was not detected as a virus.
My girlfriend thought she would be smart and ran ds-rwe.exe, which gave me a memory overflow message for explorer.exe immediately.
Does anyone have any idea of what this might be, and also if it is a virus that has already been identified? If not, I am willing to pass it through to someone to take a look at in its zip format.
Otherwise if the effects cannot be reversed, I am afraid I will have to reformat this machine *sigh* NOT AGAIN :(
Have a great day everyone and thanks in advance for your help.



Kindest of regards,

Hamish Stanaway, CEO

Absolute Web Hosting / -= KoRe WoRkS =- Internet Security
Auckland, New Zealand

http://www.webhosting.net.nz
http://www.buywebhosting.co.nz
http://www.koreworks.com

