Suspicious JPEG Files


Suspicious JPEG Files

by poddima

Hello,

I received two JPEG files via e-mail; one of them did not open properly (a default error message was displayed in the Windows Picture Viewer).
The sender is known to me, and I suspect he was trying to attack my computer (I also received an infected executable file from him just a short time before, and I didn't open it).

If anyone is interested in trying to analyse the files, I'd be most grateful. Please contact me and I will send you the files.

Thanks!

Re: Suspicious JPEG Files

by Valdis.Kletnieks

On Fri, 01 Feb 2008 17:10:13 GMT, poddima@... said:

> The sender is known to me, and I suspect he was trying to attack my computer
> (I also received an infected executable file from him just a short time before,
> and I didn't open it).

Note that "his computer sent infected files" is *NOT* the same thing as
"he was trying to attack".  In the vast majority of cases, it's some malware
that's gotten onto the machine and is doing the attacking totally without
the user's knowledge.

Remember - if the sender is known to you, they probably have your e-mail
address in a file (address book, saved mail, whatever), where malware can
grovel through it and find likely addresses to send itself.



Re: Suspicious JPEG Files

by Geoffrey Gowey

1) Install Sandboxie on your system.
2) Install Filemon and Regmon on your system.
3) Disconnect system from network.
4) Run Filemon and Regmon.
5) Run suspect program in sandbox.
6) Wait a little then kill, but don't delete sandbox.

Now you can look at regmon and filemon to see what the program was
trying to access/do without it killing your system.



On 1 Feb 2008 17:10:13 -0000, poddima@... <poddima@...> wrote:

> Hello,
>
>
> I received two JPEG files via e-mail; one of them did not open properly
> (a default error message was displayed in the Windows Picture Viewer).
>
> The sender is known to me, and I suspect he was trying to attack my computer
> (I also received an infected executable file from him just a short time
> before, and I didn't open it).
>
>
> If anyone is interested in trying to analyse the files, I'd be most
> grateful. Please contact me and I will send you the files.
>
>
> Thanks!
>


--
Kindest Regards,

Geoff
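
A static first check for a file like the one in the original post, done before anything is opened or executed: it walks the JPEG marker structure and flags a renamed executable, a bad segment length, truncation, or data after the end-of-image marker. This is an added example, not code from any poster in this thread; `triage_jpeg`, `_seg` and `SAMPLE` are hypothetical names, and the sample bytes are constructed.

```python
RST = set(range(0xD0, 0xD8))  # restart markers carry no length field

def triage_jpeg(data: bytes) -> dict:
    """Walk the JPEG marker structure of `data` without decoding or opening it."""
    report = {"kind": "unknown", "segments": [], "findings": []}
    if data[:2] == b"MZ":
        report["kind"] = "windows-executable"
        report["findings"].append("DOS/PE 'MZ' header, not an image")
        return report
    if data[:2] != b"\xff\xd8":
        report["findings"].append("no SOI marker (FF D8) at offset 0")
        return report
    report["kind"] = "jpeg"
    pos = 2
    while pos < len(data) - 1:
        if data[pos] != 0xFF:
            report["findings"].append(f"expected a marker at offset {pos}")
            return report
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte before a marker
            pos += 1
            continue
        if marker == 0xD9:                      # EOI: the image ends here
            extra = len(data) - (pos + 2)
            if extra:
                report["findings"].append(f"{extra} bytes after EOI marker")
            return report
        if marker in RST or marker == 0x01:     # stand-alone markers
            pos += 2
            continue
        length = int.from_bytes(data[pos + 2:pos + 4], "big")
        # The length field counts its own two bytes, so anything below 2 is invalid.
        if length < 2 or pos + 2 + length > len(data):
            report["findings"].append(
                f"bad length {length} in segment FF{marker:02X} at offset {pos}")
            return report
        report["segments"].append((marker, length))
        pos += 2 + length
        if marker == 0xDA:                      # SOS: skip entropy-coded scan data
            while pos < len(data) - 1 and not (
                    data[pos] == 0xFF and data[pos + 1] not in RST | {0x00}):
                pos += 1
    report["findings"].append("no EOI marker (FF D9): truncated or malformed")
    return report

def _seg(marker: int, payload: bytes) -> bytes:  # hypothetical helper for the sample
    return bytes([0xFF, marker]) + (len(payload) + 2).to_bytes(2, "big") + payload

# Constructed sample: a structurally valid marker stream, not a real picture.
SAMPLE = (b"\xff\xd8" + _seg(0xE0, b"JFIF\x00" + bytes(9)) + _seg(0xDA, bytes(10))
          + b"\x12\xff\x00\x34\xff\xd9")
```

A clean report only says the container is well formed; it does not show the file is harmless, so the monitored sandbox run described above is still the next step.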