mbirkett n00b


Joined: 03 Sep 2002 Posts: 45 Location: Newcastle Upon Tyne
|
Posted: Thu Dec 19, 2002 4:18 pm Post subject: Virus? |
|
|
we seem to be getting hammered with a file called: x_mas_2002.exe, as e-mail attachments.
These are being rejected by our inflex scanner but does anyone know if this is a virus?
Cheers,
marc _________________ I am Thybrush Greepwood, a mighty privet... |
Scandium Retired Dev

Joined: 22 Apr 2002 Posts: 340 Location: Germany
|
Posted: Thu Dec 19, 2002 7:34 pm Post subject: |
|
|
I'd say so for the following reasons:
1. it's .exe
2. you are "getting hammered"
3. the filename also sounds like a "christmas present"  |
homerjay n00b


Joined: 13 Oct 2002 Posts: 13 Location: Scotland
|
Posted: Thu Dec 19, 2002 7:50 pm Post subject: Re: Virus? |
|
|
| mbirkett wrote: | we seem to be getting hammered with a file called: x_mas_2002.exe, as e-mail attachments.
These are being rejected by our inflex scanner but does anyone know if this is a virus? |
Neither Google, Symantec nor McAfee know anything about this file. Do you have a sacrificial machine you can test it out on? |
mbirkett n00b


Joined: 03 Sep 2002 Posts: 45 Location: Newcastle Upon Tyne
|
Posted: Mon Dec 23, 2002 8:12 am Post subject: |
|
|
no. i reckon i will just leave it for the mo.
but at least i know what it is..... _________________ I am Thybrush Greepwood, a mighty privet... |
really Guru


Joined: 27 Aug 2002 Posts: 430 Location: nowhere
|
Posted: Mon Dec 23, 2002 12:18 pm Post subject: |
|
|
it's an .exe so probably a winshit executable. so why care? _________________ NoManNoProblem
Get lost before you get shot. |
kraylus l33t


Joined: 07 Jun 2002 Posts: 648 Location: ft.worth.tx
|
Posted: Mon Dec 23, 2002 3:18 pm Post subject: |
|
|
this looks like a job for wine! man... i always wanted to run a trojan/virus from windows in wine....
email it to me (pm me first) and i'll do it when i get home.
ryan _________________ I used gentoo BEFORE it was cool. |
pilla Administrator


Joined: 07 Aug 2002 Posts: 7192 Location: Pelotas, BR
|
Posted: Mon Dec 23, 2002 3:39 pm Post subject: |
|
|
Next post: I run a virus using wine and it screwed my Gentoo!!! You'd be the joke of the forum for quite some time...
| kraylus wrote: | this looks like a job for wine! man... i always wanted to run a trojan/virus from windows in wine....
email it to me (pm me first) and i'll do it when i get home.
ryan |
hook Veteran


Joined: 23 Oct 2002 Posts: 1398 Location: Ljubljana, Slovenia
|
Posted: Mon Dec 23, 2002 3:41 pm Post subject: |
|
|
that's a must see  _________________ tea+free software+law=hook
(deep inside i'm still a tux's little helper) |
perry Tux's lil' helper


Joined: 18 Nov 2002 Posts: 142 Location: Cornfields of Indiana
|
Posted: Mon Dec 23, 2002 5:35 pm Post subject: |
|
|
| kraylus wrote: | this looks like a job for wine! man... i always wanted to run a trojan/virus from windows in wine....
email it to me (pm me first) and i'll do it when i get home.
ryan |
Wine does run windows virii/trojans/worms/nastys .. In particular, the Klez.. This article was linked on Slashdot a couple months ago.. |
really Guru


Joined: 27 Aug 2002 Posts: 430 Location: nowhere
|
Posted: Mon Dec 23, 2002 7:27 pm Post subject: |
|
|
| perry wrote: | | kraylus wrote: | this looks like a job for wine! man... i always wanted to run a trojan/virus from windows in wine....
email it to me (pm me first) and i'll do it when i get home.
ryan |
Wine does run windows virii/trojans/worms/nastys .. In particular, the Klez.. This article was linked on Slashdot a couple months ago.. |
you all know that that article is not telling the truth.
its FUD!!! _________________ NoManNoProblem
Get lost before you get shot. |
kraylus l33t


Joined: 07 Jun 2002 Posts: 648 Location: ft.worth.tx
|
Posted: Fri Dec 27, 2002 9:10 pm Post subject: |
|
|
yep, it's total bs. notice how this guy backs his story up every chance he gets.
in any case, i don't think running a trojan in wine would screw up a gentoo system.
and it's game-over for whichever trojan/virus/worm i ran. anyone got an exe file i can try? _________________ I used gentoo BEFORE it was cool. |
delta407 Bodhisattva


Joined: 23 Apr 2002 Posts: 2876 Location: Chicago, IL
|
Posted: Sat Dec 28, 2002 3:14 am Post subject: |
|
|
VMware is perfect for this -- take a Windows installation, change the disk type to a non-persistent type (so it won't permanently alter anything), and run your virus. Attack it with debuggers, protocol analyzers, and Windows message spies -- then, when you've gathered all of the data you want, tell it to "Power Off", change your disk back, and nothing has changed.  _________________ I don't believe in witty sigs. |
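
Added example, not part of delta407's post or of any VMware tooling: a pre-flight check that an analysis VM's disks really are non-persistent before a sample is run in it. It assumes the current `.vmx` convention in which such a disk carries `mode = "independent-nonpersistent"`; the sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample .vmx (not from the thread): scsi0:1 has no mode line.
SAMPLE_VMX = '''\
displayName = "analysis-win"
scsi0.present = "TRUE"
scsi0:0.present = "TRUE"
scsi0:0.fileName = "win.vmdk"
scsi0:0.mode = "independent-nonpersistent"
scsi0:1.present = "TRUE"
scsi0:1.fileName = "scratch.vmdk"
ide1:0.present = "TRUE"
ide1:0.fileName = "tools.iso"
ide1:0.deviceType = "cdrom-image"
'''

LINE = re.compile(r'^\s*([^#=\s][^=]*?)\s*=\s*"(.*)"\s*$')
DEVICE = re.compile(r'^((?:scsi|ide|sata|nvme)\d+:\d+)\.(\w+)$', re.I)

def parse_vmx(text):
    """Return {device: {property: value}} for keys such as scsi0:0.mode."""
    devices = {}
    for line in text.splitlines():
        kv = LINE.match(line)
        dev = DEVICE.match(kv.group(1)) if kv else None
        if dev:
            props = devices.setdefault(dev.group(1).lower(), {})
            props[dev.group(2).lower()] = kv.group(2)
    return devices

def persistent_disks(text):
    """Names of attached hard disks whose writes would survive power-off."""
    bad = []
    for name, props in sorted(parse_vmx(text).items()):
        if props.get("present", "FALSE").upper() != "TRUE":
            continue  # slot not attached
        if props.get("devicetype", "").lower().startswith("cdrom"):
            continue  # optical media, not a hard disk
        # A disk with no mode key is an ordinary persistent disk.
        if props.get("mode", "persistent").lower() != "independent-nonpersistent":
            bad.append(name)
    return bad

if __name__ == "__main__":
    bad = persistent_disks(SAMPLE_VMX)
    print("do not start, persistent disks:" if bad else "all disks discard writes", bad)
```

The check covers only the disk mode the post describes; it says nothing about the VM's network adapters or shared folders.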