
Thread: Virus / trojan delivered via SMIME?

  1. #1
    Join Date
    May 2001
    Posts
    218

    Question

    MrByte is doing a great job. :-) The new forums are super!
    I posted this SMIME question before and got no replies. I dunno if it's a stupid question or nobody has an answer, idea, suggestion, etc.
    I received a smime.p7s email attachment from a suspicious source, and would be happy to send this attachment to anyone who could analyze it. I've read that viruses/trojans can be delivered via SMIME but can find little info on this on the Web. Also believe anti-virus progs can't detect all encrypted viruses/trojans. Does anybody have any info on this?

    BS

  2. #2
    Join Date
    May 2001
    Posts
    6
    Yeah...I think you might be thinking of something called "God Message". It is a HUGE VBS or Java script.

    It really just links you to a website
    that has the download you want on. But on the website you came from it's got
    the safe for scripting tag. But yes...if you wanted it to it could download a malicious program onto the HDD. "The user could've logged off, you could be uploading this script to a totally innocent user, and thinking that you got the culprit." Yes...there are a few checks that you can perform to get the "right" IP. First you may designate an IP class i.e.:

    255.255.255.255

    You have to designate the second from the left class. I get confused whether
    it is the B or C class...oh well...anyway. You can't really designate a
    single IP but only the class. This means that (255 x 255) people could get
    infected. That is unfortunate...but you WILL GET them this way.

    "What about firewalls?". Good point! But the firewalls aren't really
    affected since it is only "safe for scripting" java passing through. It's
    not as though it is a UDP scan which would cause any half decent firewall to
    respond.

    You could open the file on the users PC but you'd have to get the file path
    exactly right. Firstly when you say to the script "download this file
    without the users permission" you can't specify where to download it. It
    just downloads it. You could make a lucky guess and say
    "C:\Windows\Temporary Internet Files\Unsafescript.exe"
    There again...the user may not have a C:\ drive. I have mine called G:\ and
    H:\. This is a good last resort just in case it gets past all my stuff. Also
    their windows path may not be called "C:\Windows". I've changed mine to
    "G:\Needed Files". If you execute the exe in supposedly "Windows" but it is
    really in "Needed files", the user gets a lovely warning in their IE browser
    saying "cannot find hostilescript in c:\Windows\Temporary Internet Files.
    Would you like to search for this file yourself". So you usually have to
    wait for them to open it. Although with some really complicated scripting,
    well beyond me, you can import it into the Windows startup registry so the
    next time he boots back up it's autostarted. A bit useless on a server
    though since they don't reboot for ages.

    I'm sorry if parts of that are confusing. I've just explained it to another guy so I just copied and pasted what was said! Hope you don't mind!


  3. #3
    Join Date
    May 2001
    Posts
    218

    Question

    Hmmm...

    You're right - I didn't "get" all that. :-)
    This smime.p7s email attachment is small; *KB.

    BS

  4. #4
    Join Date
    May 2001
    Posts
    6
    It could probably then be a virus, or a trojan only waiting for you to download it, so it can set itself up into your registry to mask its signature.

    SP
