|
Posted by Frank Slootweg on July 22, 2004, 2:09 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Most likely a virus and most likely W32/Bagle.AA.
See for example the "Virus report" of 20 Jul 2004 on
<http://metro.com.mx/virusreport/report.cfm?>.
Note: A simple Google search on "garry.zip" (without quotes) gave this
as the *second* hit (of only 23). That wasn't too hard, was it? :-(
For W32/Bagle.AA aka W32.Beagle.X@mm see
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.x@mm.html
(again a simple search of Symantec's site on "W32/Bagle.AA" (without
quotes)).
Why don't you scan the file and see if it contains the above mentioned
virus (or any other one for that matter)?
Please also see http://www.justfuckinggoogleit.com/
> I received a strange email from an address I don't recorgnize. I suspect
> that it is either spam or a virus, but I'm not sure. I hope somebody can
> recognize it and tell me what it is (and how it is supposed to work).
>
> The email is a short HTML message with two MIME attachements:
>
> - a encrypted zip archive named Garry.zip
> - a small jpeg file which renders to an image with the word "Key"
> followed by a number
>
> The key in the jpeg file unlocks the zip archive. The latter contains:
>
> - an .exe file with a random-looking (alphabetic) name
> - a .cfg file with a different random-looking (alphabetic) name
>
> The content of the .cfg file is binary.
>
> The HTML message body has almost nothing except an <img> tag referring
> to the jpeg in the attachment.
>
> Can somebody tell me what this is (and how it is supposed to work)?
| 
XML site map