I haven't heard of this message before; however, many messages such as these have 
header info generated ("brand spoofing"), which thus varies the sender/subject lines 
from message to message.

The first thing I would do when my system boots back up is check Task Manager for 
currently running processes on the system.  Anything peculiar should be checked out.  
You should also perform a port-scan, if you have the tools, to make sure there haven't 
been any ports opened up that are running an unwanted service.

There are tools, such as Ad-aware, that can be used to scan for malware on your Windows 
system (www.ad-aware.com).  Symantec and others are helpful, but only for known 
viruses.

Of course, the best cure is to not open emails from unexpected sources, but if you 
must, at least open them in "text only", as this may reduce the risk involved, 
especially if this becomes an ongoing problem.

If a re-install is needed, just be sure to start the firewall before attaching it to a 
network and make note of all the processes that run by default, so you will always 
know exactly what should be running on your system. One thing they teach you in SANS 
courses is that if you don't know what's running on your system and what your network 
and CPU load is on an average day . . . how will you ever know if your system's been 
breached?

--
jfshadow


> Message: 1
> Date: Mon, 29 Dec 2003 09:39:58 -0800 (PST)
> From: Montana Tenor <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: [Full-Disclosure] Jefferson-Is this a known problem? Trojans?
> 
> Hello Everyone,
> 
> A friend of mine was opening an email in front of me
> when her XP machine crashed.  I thought maybe it was a
> power spike or something so she powered up and went
> back to the email, clicked to view the message from
> hotmail.com, the machine powered off again.  She
> erased the message before I could forward it to an
> offsite machine, but the details as I remember them
> were:
> 
> Sender=Jefferson (she knows a Jefferson)
> Subject=(blank)
> Open the message and immediately powers off the
> machine.
> 
> My question to you is, now that her machine is
> possibly compromised, what tools can I use to check
> for trojans or other things that could have been
> installed.  I've run her Symantec System Scanning
> tool, and it shows no known problems.  Has anyone
> heard of this specific message, and is it simply
> designed to be annoying or does it install malware on
> the machine?  I know this information is vague, any
> advice is welcome.
> 
> Kindest Regards,
> Matt
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
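
The baseline advice in the reply above (record what normally runs and listens, then look for anything new), as an added example that is not part of the original thread. It assumes the process list and socket list were saved as text in the layout printed by `tasklist /fo csv /nh` and `netstat -ano`; the sample captures and the name `updchk.exe` are constructed.

```python
import csv
import io

def parse_tasklist(text):
    """`tasklist /fo csv /nh` text -> {pid: lower-cased image name}."""
    rows = csv.reader(io.StringIO(text))
    return {int(r[1]): r[0].strip().lower()
            for r in rows if len(r) >= 2 and r[1].strip().isdigit()}

def parse_netstat(text):
    """`netstat -ano` text -> {(proto, local port, pid)} for listening sockets."""
    found = set()
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            found.add(("TCP", int(f[1].rsplit(":", 1)[1]), int(f[4])))
        elif len(f) == 4 and f[0] == "UDP":  # UDP rows have no State column
            found.add(("UDP", int(f[1].rsplit(":", 1)[1]), int(f[3])))
    return found

def snapshot(tasklist_text, netstat_text):
    """Key on image names, not PIDs, because PIDs change between boots."""
    procs = parse_tasklist(tasklist_text)
    ports = {(proto, port, procs.get(pid, "unknown"))
             for proto, port, pid in parse_netstat(netstat_text)}
    return set(procs.values()), ports

def new_since(baseline, current):
    """Return (images, listeners) seen now but absent from the baseline."""
    return sorted(current[0] - baseline[0]), sorted(current[1] - baseline[1])

# Constructed sample captures (not real output); updchk.exe is a made-up name.
BASE_TASKS = '''"System","4","Console","0","212 K"
"svchost.exe","880","Console","0","3,400 K"
'''
BASE_NET = '''  Proto  Local Address   Foreign Address   State       PID
  TCP    0.0.0.0:135     0.0.0.0:0         LISTENING   880
  UDP    0.0.0.0:445     *:*                           4
'''
NOW_TASKS = '''"System","4","Console","0","212 K"
"svchost.exe","912","Console","0","3,600 K"
"updchk.exe","1712","Console","0","1,100 K"
'''
NOW_NET = '''  TCP    0.0.0.0:135        0.0.0.0:0        LISTENING     912
  TCP    0.0.0.0:5150       0.0.0.0:0        LISTENING     1712
  TCP    192.168.1.10:1045  203.0.113.7:80   ESTABLISHED   1712
  UDP    0.0.0.0:445        *:*                            4
'''
print(new_since(snapshot(BASE_TASKS, BASE_NET), snapshot(NOW_TASKS, NOW_NET)))
```

An image name that matches the baseline is not proof the binary is the same one, so a clean diff narrows the search rather than clearing the machine.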
