[unisog] New Virus

rhermida@panam.edu rhermida at panam.edu
Tue Dec 6 17:18:33 GMT 2005

Yes, this is part of a new AIM worm:




Ramon Hermida
Information Security Specialist
The University of Texas Pan American


I was wondering if anyone had seen anything like this today....


We have been seeing a new virus going around this morning that is coming
in via an email appearing to be from "webmaster" "register" and "admin"
@(WhateverDomainIsBeingTargeted).  It tells users to click on the
attachment which is an .scr file disguised as an .htm file (inside a zip
file).  When the attachment is run, the virus disables Symantec
Antivirus, Task Manager, and Ethereal.  It then runs a program
(C:\Windows\system32\Win32IMAPSVR.EXE) which opens a connection to apparently to wait for instructions.  Our GFI
antivirus on our mail servers didn't start filtering this out until
about 8:30am this morning, and the latest definitions from Symantec
(11/21/05 rev 6) do not detect this yet. Anyone else seeing this?




Paul Goverts IV
Computer Services
St. John Fisher College
Rochester, NY 14618

"Ask yourself - Where are you going?  Who is going with you?"  -- "Col."
Gordon Shay

More information about the unisog mailing list