stoermer at unt.edu
Fri Jan 10 20:31:12 GMT 2003
There appears to be a new strain of Downloader virus goin through email. The email virus is being propagated by spoofed big at boss.com. Travis has blocked mail with that address and we are working to find why McAfee isn't catching the file when it's opened.
Here are the entrails we have found so far:
Email from big boss with subject of "movie clip", or "here's that movie"
The attached file is a pif that spawns winmgm32.exe and adds a win/run in the registry for itself. McAfee is missing all of this activity, but after that, the exe (assumption) deploys sysmgmt32.dll at some point to system32 which is infected with Downloader-BN Trojan and McAfee does pick that up.
So far, we have only have 4 infections.
Computer Support Specialist III
UNT-College of Business Admin.
More information about the unisog