Virus

  • Alkatr0z
  • Mastermind
  • Mastermind
  • Alkatr0z
  • Posts: 1883
  • Loc: Adelaide, Australia

Post 3+ Months Ago

Now then. I've always understood that Worms cannot run themselves unless the ACTUAL email message is opened(I know some exploit a vulnerability in Outlook Express that allows them to run when they appear in the preview pane). But there is no other way unless they are opened or appear in the preview pane correct?(This is reffering to emailed viruses, not ones that exploit another hole). Specifically I am referring to W32.Netsky.D@mm.

Alkatr0z
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23455
  • Loc: Woodbridge VA

Post 3+ Months Ago

According to Symantec's info, W32.Netsky.D@mm has to be executed.

http://www.sarc.com/avcenter/venc/data/w32.netsky.d@mm.html

I can confirm this, because I opened it on purpose, and in keeping with their high quality product, Symantec Corporate Edition caught it and quaranteened it instantly. Lucky me! *lol

(I wouldn't recommend to anyone doing what I do - In this case I wanted to confirm what I suspected. You can't really tell what a virus is from the file attachments you receive and I wanted to be sure I knew which virus I was dealing with in case one of my co-workers got it.)
  • Alkatr0z
  • Mastermind
  • Mastermind
  • Alkatr0z
  • Posts: 1883
  • Loc: Adelaide, Australia

Post 3+ Months Ago

That was my understanding of it as well. Thought I'd check as I recieved it, Opened it up in the source view(where no holes are attacked or code executed) to check on it. I always do that for any strange attachments i recieve. I guess the spoofed From address is another randomly selected address from the infected users computer as I recieved this email with the other batch of infected emails:

MailMarshal (an automated content monitoring gateway) has stopped
the following message:

Message: B0002ff954.00000001.mml
From: Alkatr0z
To: mcook
Subject: Re: Your software

Because it believes the message contains a virus.
The virus scanning software used was: InoculateIT Ver 6.x
{VirusName}

Please clean the file and resend it.

As I checked the manual removal options to ensure it hadn't slipped by(My norton antivirus also picked it up which lead me to have a peek at it).

Alkatr0z

Post Information

  • Total Posts in this topic: 3 posts
  • Users browsing this forum: No registered users and 40 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
cron
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.