What is penalty for deliberately sending trojans (UK)

  • Thread starter: S.Boardman

S.Boardman

An ex-friend of a family member is sending attachments we believe to be the
Munga trojan. This has yet to be 100% confirmed. Physical threats, phone
calls and text messages have failed and now this moron is trying a new
tactic.

If the attachments are confirmed, and it was prosecuted under the Computer
Misuse Act, what would be the likely result?
 
S.Boardman said:
An ex-friend of a family member is sending attachments we believe to
be the Munga trojan. This has yet to be 100% confirmed. Physical
threats, phone calls and text messages have failed and now this
moron is trying a new tactic.

If the attachments are confirmed, and it was prosecuted under the
Computer Misuse Act, what would be the likely result?

This trojan has been around since 1999. It is unlikely that your ex friend
is deliberately trying to attack people, I guess (maybe I'm wrong) because
surely everyone would have an antivirus product which will detect it. I have
found that physical threats are rarely effective. Maybe they regard you as
an irritant (no insult intended!) and disregard what you say. Perhaps your
best strategy is to block messages from them. After all, you've told them -
and they chose to ignore it. What else can you do, apart from complain to
their ISP?

Sorry I can't comment on your question about the Computer Misuse Act.

Take care,

John.
 
Mr E said:
This trojan has been around since 1999. It is unlikely that your ex friend
is deliberately trying to attack people, I guess (maybe I'm wrong) because
surely everyone would have an antivirus product which will detect it. I have
found that physical threats are rarely effective. Maybe they regard you as
an irritant (no insult intended!) and disregard what you say. Perhaps your
best strategy is to block messages from them. After all, you've told them -
and they chose to ignore it. What else can you do, apart from complain to
their ISP?

Sorry I can't comment on your question about the Computer Misuse Act.

Take care,

John.

His brother in law threatened to break both his legs and scratched his car.
There are various text messages, and other e-mails threatening him. Suddenly
he turns nice and sends the attachment, with friendly hook lines to open the
attachment, hdkp5b.exe.
Take a look at
http://www.hackology.com/programs/hdkp/ginfo.shtml
Like I say, it's just being confirmed, what it is. The solicitor is very
interested. So are the police. Sending the trojan is just the final nail in
the coffin.
This guy *thinks* he's sending a trojan. However McAfee isn't picking it up.
That's why it's going to have to be confirmed.
 
His brother in law threatened to break both his legs and scratched his car.
There are various text messages, and other e-mails threatening him. Suddenly
he turns nice and sends the attachment, with friendly hook lines to open the
attachment, hdkp5b.exe.
Take a look at
http://www.hackology.com/programs/hdkp/ginfo.shtml
Like I say, it's just being confirmed, what it is. The solicitor is very
interested. So are the police. Sending the trojan is just the final nail in
the coffin.
This guy *thinks* he's sending a trojan. However McAfee isn't picking it up.
That's why it's going to have to be confirmed.

Very interesting sounding case.

If you would like an independent analysis of the suspect hdkp5b.exe file,
you are welcome to contact me directly by Email. I am a former editor of
the Virus Bulletin magazine and now work as an independent virus analyst
and antivirus consultant.
 
Nick FitzGerald said:
Very interesting sounding case.

If you would like an independent analysis of the suspect hdkp5b.exe file,
you are welcome to contact me directly by Email. I am a former editor of
the Virus Bulletin magazine and now work as an independent virus analyst
and antivirus consultant.

What's it going to cost ;-)
Anyhow, we're not sure it is a trojan. I e-mailed (zipped) to a
knowledgeable friend. It only appears to be 1 byte, which apparently isn't
enough, it has to be at least two bytes. It definitely attempted to install
something, but it was never picked up by McAfee (latest defs).
 
Anyhow, we're not sure it is a trojan. I e-mailed (zipped) to a
knowledgeable friend. It only appears to be 1 byte, which apparently isn't
enough, it has to be at least two bytes

Is that two bytes zipped or unzipped? lol :)


Jim.
 
S.Boardman said:
What's it going to cost ;-)

Nothing.

Anyhow, we're not sure it is a trojan. I e-mailed (zipped) to a
knowledgeable friend. It only appears to be 1 byte, which apparently isn't
enough, it has to be at least two bytes. It definitely attempted to install
something, but it was never picked up by McAfee (latest defs).

Hmmmm -- so you decided it was the Munga Trojan based on the _filename_
of the attachment?

Many Email gateway scanners replace unwanted attachments with null, empty or
otherwise invalid attachments.
 
Nick FitzGerald said:
Hmmmm -- so you decided it was the Munga Trojan based on the _filename_
of the attachment?

We thought it might be, since after Googling it was the only lead we had, as
McAfee didn't pick it up.

Many Email gateway scanners replace unwanted attachments with null, empty or
otherwise invalid attachments.

Freeserve is the ISP, and it lets other infected items through. I might
e-mail them just to confirm. I can get the attachment e-mailed to you if you
*really* want it...
 
Nick FitzGerald said:
snip!

Many Email gateway scanners replace unwanted attachments with null, empty or
otherwise invalid attachments.

I have checked with the ISP. They don't do this.
 
"S.Boardman" replied to me:

We thought it might be, since after Googling it was the only lead we had, as
McAfee didn't pick it up.

In general, filenames have no diagnostic value. Very little malware stops being
malicious simply by renaming the file (at least, so long as the filetype is not
changed as part of the renaming).

Freeserve is the ISP, and it lets other infected items through. I might
e-mail them just to confirm. I can get the attachment e-mailed to you if you
*really* want it...

A one-byte file is not going to be of any interest.

A complete copy of the raw Email may still hold enough clues to be useful. If
you still have the Email, and assuming you use OE for Email as well as News,
select the message (click on its entry in the list of messages in whichever
folder you have it), click on the File menu, click on the Save As... option,
make sure the "Save as type:" option is set to ".eml", select a location where
you'll easily find the file (Desktop, My Documents, whatever), type in a name
(say "for_nick" without the quotes) in the "File name:" field then click the
Save button.

Now compose an Email to my address (yes, this one -- no munging, spam-blocking,
etc in force here) and attach that file.
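
Added example (not part of the original thread or any poster's code): a Python triage of a saved .eml along the lines discussed above, reporting each attachment's size, SHA-256 and leading signature bytes instead of trusting its filename. The sample message, its addresses and the `holiday.jpg` name are constructed for illustration, and only two signatures (MZ and ZIP) are checked.

```python
import email
import hashlib
from email import policy
from email.message import EmailMessage


def build_sample_eml() -> bytes:
    """Constructed sample: a 1-byte 'exe' and an MZ-headed file named .jpg."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"      # placeholder address
    msg["To"] = "recipient@example.invalid"     # placeholder address
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    msg.add_attachment(b"\x00", maintype="application",
                       subtype="octet-stream", filename="hdkp5b.exe")
    msg.add_attachment(b"MZ" + b"\x00" * 62, maintype="application",
                       subtype="octet-stream", filename="holiday.jpg")
    return msg.as_bytes()


def classify(data: bytes) -> str:
    """Identify content by its leading bytes, never by filename."""
    if len(data) < 2:
        return "too-short"            # cannot hold even a 2-byte signature
    if data[:2] == b"MZ":
        return "dos-pe-executable"    # DOS/Windows executable header
    if data[:4] == b"PK\x03\x04":
        return "zip-archive"
    return "unknown"


def triage_eml(raw: bytes) -> list:
    """Return one record per attachment found in a raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    rows = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        rows.append({
            "filename": part.get_filename(),
            "declared_type": part.get_content_type(),
            "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
            "content_kind": classify(data),
        })
    return rows


if __name__ == "__main__":
    for row in triage_eml(build_sample_eml()):
        print(row)
```

To use it on a real message, read the saved .eml in binary mode and pass the bytes to `triage_eml`; the attachment is only decoded and hashed, never executed.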
 