[unisog] New Virus
rhermida at panam.edu
Tue Dec 6 17:18:33 GMT 2005
Yes, this is part of a new AIM worm:
Information Security Specialist
The University of Texas Pan American
I was wondering if anyone had seen anything like this today....
We have been seeing a new virus going around this morning that is coming
in via an email appearing to be from "webmaster" "register" and "admin"
@(WhateverDomainIsBeingTargeted). It tells users to click on the
attachment which is an .scr file disguised as an .htm file (inside a zip
file). When the attachment is run, the virus disables Symantec
Antivirus, Task Manager, and Ethereal. It then runs a program
(C:\Windows\system32\Win32IMAPSVR.EXE) which opens a connection to
22.214.171.124:27999 apparently to wait for instructions. Our GFI
antivirus on our mail servers didn't start filtering this out until
about 8:30am this morning, and the latest definitions from Symantec
(11/21/05 rev 6) do not detect this yet. Anyone else seeing this?
Paul Goverts IV
St. John Fisher College
Rochester, NY 14618
"Ask yourself - Where are you going? Who is going with you?" -- "Col."
More information about the unisog