new virus or worm? (MoreInfo.CPL)

[DVNT1]

Quote:

Hello username
I'm a young lady of 20 years old i'd like to find my second part!!!

Attached file will tell you everything.

Sincerely, Annie

Then attached are two files.

image12.jpeg and MoreInfo.CPL

The jpeg is really a picture file. BUt I don't understand the CPL file yet. Normally CPL files are Control Panels related files but I don't know what damage may happen from this. CPLs are not "executable" as is (in W2K anyway).

I'm guessing it's a bad attempt of making another worm/virus. Anyone have more info?

[DVNT1]

Seeing more email messages like this but now as JPEG and HTA files.

I know HTA files can be ran via IE and this particular one gets information from your computer (using VB script) and sends it out.

Bad stuff for sure.

[soundgirl]

I received one of those today, from Luckycharmsjj@conwaycor.net. I didn't open the message; instead, I deleted it, but how dangerous is this .cpl file (in laymen's terms, please!)?

[ArcticFox]

Can I have that picture?

Post 1969 - I feel so....high! As high as the moon...

[DVNT1]

In the samples I've seen, the CPL file is only being used as an executable dropper. This is normally being done with an accompaning script (like pif, html, scr, com, exe) in the email.

My first email with the CPL file did not have an accompanying script or execuatable. But all others since then have had it.

[soundgirl]

I received another e-mail from the same sender but with a .com attachment this time. I don't know enough about decoding, or I would check this one out. Do you want to take a look at it and the other one? Or should I just delete them?

[DVNT1]

just delete them