New variant of Virus ? --> issue identified.

From: Hubbard, Dan (dhubbard_at_websense.com)
Date: 01/28/04

    Date: Wed, 28 Jan 2004 08:35:49 -0800
    To: <incidents@securityfocus.com>
    
    

    Sophos now has a signature for this. It's a keylogging trojan that sends
    banking information when well-known bank sites are accessed and sends the
    keystrokes via email. I have not been able to dissect the details yet
    but will post them when I do.

    http://www.sophos.com/virusinfo/analyses/trojstawina.html

    It looks like there may be a new variant of the virus MyDoom worm. We
    have seen the following:

    RE: I still love you fLctv

    Error 551: We are sorry your UTF-8 encoding is not supported by the
    server, so the text was automatically zipped and attached to this
    message.

    The file attached is message.zip and unzips to message.exe

    I am analyzing the file for behavior and will update, but has anyone
    else seen this yet?

    The latest Nassoc DAT does not cover this.
