List: incidents
Subject: starwars.exe -- possible trojan?
From: "Donald, Nichols" <dnichols () d-and-d ! com>
Date: 1999-07-23 4:56:45
Well ... my wife just got a bogus e-mail (supposedly from her father,
who is long dead, and supposedly to her as a son, which she most
certainly is *not*).
It included an attachment which was "starwars.exe". Since I
don't normally run Microsoft OS's, I don't maintain a virus checker.
But I did use "strings" to look through that executable. I find seven
different ".dll"s named in it -- and I don't know which of them it may
be creating. I'll give the list here, in case someone else has
encountered some form of the program:
======================================================================
KERNEL32.dll
USER32.dll
GDI32.dll
comdlg32.dll
ADVAPI32.dll
SHELL32.dll
WINMM.dll
======================================================================
I'm particularly concerned about the SHELL32.dll, and
USER32.dll, but KERNEL32.dll is also of potential concern.
The following strings were also found within the program:
======================================================================
hockwaveFlash
ShockwaveFlash.ShockwaveFlash
ShockwaveFlash.ShockwaveFlash\DefaultIcon
ShockwaveFlash.ShockwaveFlash\shell\open\command
_flash
======================================================================
My wife is active on the news.admin.net-abuse newsgroups, and
her name has made it into the "people not to spam" list, which could
have been used to target the active anti-spam people.
The headers did show a few too many machines to make it likely
that it was not delivered by spamming software and techniques.
Since we don't run Microsoft OS's, and don't have a way to run a
".exe" file anyway, it obviously does not present a threat to our
systems, but I would like to know whether anyone else has encountered
this, and can state whether it is a known trojan or harbours a known virus.
Thanks all,
DoN.
--
NOTE: spamblocking on against servers which harbor spammers.
Email: <dnichols@d-and-d.com> | Donald Nichols (DoN.)|Voice (703) 938-4564
My Concertina web page: | http://www.d-and-d.com/dnichols/DoN.html
--- Black Holes are where God is dividing by zero ---
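
The triage step described in the message above (running "strings" over the attachment, then picking out library names and registry-style keys), as an added example that is not part of the original post. The sample bytes are constructed for illustration and are not taken from the attachment; the function names are hypothetical.

```python
import re

# Constructed sample shaped like fragments of a Windows executable.
# NOT the attachment from the message; built only so the example runs offline.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    b"KERNEL32.dll\x00\x00USER32.dll\x00\x01\x02SHELL32.dll\x00"
    b"\xff\xfeab\x00"
    b"ShockwaveFlash.ShockwaveFlash\\shell\\open\\command\x00"
    b"_flash\x00"
)

# A bare library file name such as KERNEL32.dll. A Windows executable lists
# the system libraries it imports by name, so these show up in strings output.
DLL_NAME = re.compile(r"^[\w.-]+\.dll$", re.IGNORECASE)
# A ...\shell\<verb>\command subkey: where Windows stores the command line
# used to open a registered file type or class.
SHELL_VERB = re.compile(r"\\shell\\[^\\]+\\command$", re.IGNORECASE)


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Return runs of printable ASCII at least min_len long (strings(1) default is 4)."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def triage(data: bytes) -> dict:
    """Sort extracted strings into buckets an analyst would review separately."""
    report = {"dll_names": [], "shell_command_keys": [], "other": []}
    for s in extract_strings(data):
        if DLL_NAME.match(s):
            report["dll_names"].append(s)
        elif SHELL_VERB.search(s):
            report["shell_command_keys"].append(s)
        else:
            report["other"].append(s)
    return report


if __name__ == "__main__":
    for bucket, values in triage(SAMPLE).items():
        print(bucket)
        for value in values:
            print("   ", value)
```

Short runs such as "MZ" and "ab" fall below the four-character minimum and are dropped, which is also why strings output can show a name with its first character missing when the preceding byte is not printable.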