New variant of Virus ? --> issue identified.
From: Hubbard, Dan (dhubbard_at_websense.com)
Date: 01/28/04
- Previous message: Jared Mittleman: "Novarg/Mydoom coming in through web pages?"
- Next in thread: Meritt James: "Re: New variant of Virus ? --> issue identified."
- Reply: Meritt James: "Re: New variant of Virus ? --> issue identified."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 28 Jan 2004 08:35:49 -0800 To: <incidents@securityfocus.com>
Sophos now has a signature for this. It's a keylogging trojan that sends
backing information when well known bank sites are accessed and send the
keystrokes via email. I have not been able to dissect the details yet
but will post them when I do.
http://www.sophos.com/virusinfo/analyses/trojstawina.html
It looks like there maybe a new variant of the virus MyDoom worm. We
have seen the following:
RE: I still love you fLctv
Error 551: We are sorry your UTF-8 encoding is not supported by the
server, so the text was automatically zipped and attached to this
message.
The file attached is message.zip and unzips to message.exe
I am analyzing the file for behavior and will update, but has anyone
else seen this yet ?
The latest Nassoc DAT does not cover this.
---------------------------------------------------------------------------
----------------------------------------------------------------------------
- Previous message: Jared Mittleman: "Novarg/Mydoom coming in through web pages?"
- Next in thread: Meritt James: "Re: New variant of Virus ? --> issue identified."
- Reply: Meritt James: "Re: New variant of Virus ? --> issue identified."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
