I came across an interesting event today. I haven't
been able to research it as much as I'd like, but I'd like to toss it out to the
community just the same.
A customer's machine appears to be infected with
some type of malware that apparently harvests email addresses and puts them into
a file named '~'. Just the tilde ~, no extension. This file is
created under the C:\Documents and Settings\%username%\~. I have attached
a zipped copy of the file for reference.
I came across the file earlier today, renamed it
and copied it off to a keychain USB drive for later analysis. Well, the file
re-created itself and the malware creating it is not immediately apparent.
I've scanned all the running apps but I haven't had much time to
investigate.
Any ideas?
Joel R. Helgeson
Director of Networking & Security Services
SymetriQ Corporation
"Give a man fire, and he'll be warm for a day; set a man on fire, and he'll be warm for the rest of his life."
~.zip
Description: Zip compressed data
