New variant of Virus ? --> issue identified.

From: Hubbard, Dan (
Date: 01/28/04

  • Next message: Gary Flynn: "Re: New variant of Virus ?"
    Date: Wed, 28 Jan 2004 08:35:49 -0800
    To: <>

    Sophos now has a signature for this. It's a keylogging trojan that sends
    backing information when well known bank sites are accessed and send the
    keystrokes via email. I have not been able to dissect the details yet
    but will post them when I do.

    It looks like there maybe a new variant of the virus MyDoom worm. We
    have seen the following:

    RE: I still love you fLctv

    Error 551: We are sorry your UTF-8 encoding is not supported by the
    server, so the text was automatically zipped and attached to this

    The file attached is and unzips to message.exe

    I am analyzing the file for behavior and will update, but has anyone
    else seen this yet ?

    The latest Nassoc DAT does not cover this.


  • Next message: Gary Flynn: "Re: New variant of Virus ?"