[unisog] New virus

Ken Connelly Ken.Connelly at uni.edu
Wed Dec 7 13:47:38 GMT 2005


There were several like that yesterday afternoon, but I don't think the 
originals had ever made it to the list. I know that one of them was 
mine, and I couldn't find more than yesterday's copy in my archive of 
list mail.

- ken

Goverts IV, Paul wrote:

> This is weird, I already sent this email about 2 weeks ago, somehow it 
> hiccupped back out again?
>
> Paul
>
> Paul Goverts IV
> Computer Services
> St. John Fisher College
> Rochester, NY 14618
> "Ask yourself - Where are you going? Who is going with you?" -- 
> "Col." Gordon Shay
>
> ------------------------------------------------------------------------
>
> *From:* unisog-bounces at lists.sans.org 
> [mailto:unisog-bounces at lists.sans.org] *On Behalf Of *Goverts IV, Paul
> *Sent:* Tuesday, November 22, 2005 10:18 AM
> *To:* unisog at lists.sans.org
> *Subject:* [unisog] New virus
>
> I was wondering if anyone had seen anything like this today….
>
> We have been seeing a new virus going around this morning that is 
> coming in via an email appearing to be from “webmaster”, “register” and 
> “admin” @(WhateverDomainIsBeingTargeted). It tells users to click on 
> the attachment which is an .scr file disguised as an .htm file (inside 
> a zip file). When the attachment is run, the virus disables Symantec 
> Antivirus, Task Manager, and Ethereal. It then runs a program 
> (C:\Windows\system32\Win32IMAPSVR.EXE) which opens a connection to 
> 208.57.228.66:27999 apparently to wait for instructions. Our GFI 
> antivirus on our mail servers didn’t start filtering this out until 
> about 8:30am this morning, and the latest definitions from Symantec 
> (11/21/05 rev 6) do not detect this yet. Anyone else seeing this?
>
> Paul
>
> Paul Goverts IV
> Computer Services
> St. John Fisher College
> Rochester, NY 14618
> "Ask yourself - Where are you going? Who is going with you?" -- 
> "Col." Gordon Shay

-- 
- Ken
=================================================================
Ken Connelly Systems and Operations Manager, ITS Network Services
University of Northern Iowa           Cedar Falls, IA  50614-0121
email: Ken.Connelly at uni.edu
phone: (319) 273-5850   fax: (319) 273-7373

It's much more important to know what you don't know than what you do know!
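
The quoted report describes an .scr file disguised as an .htm file inside a zip attachment. As an added example (not part of either message, and not any vendor's filter), the following mail-gateway check lists zip members whose real extension is executable. The extension lists, the function names, the sample message, and the assumption that the disguise is a decoy extension or whitespace padding before the real one are all constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed extension lists; tune to local mail policy.
EXECUTABLE_EXT = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd"}
DECOY_EXT = {".htm", ".html", ".txt", ".doc", ".pdf", ".jpg"}

def classify_member(name):
    """Return 'disguised', 'executable' or None for one zip member name."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].strip().lower()
    stem, dot, ext = base.rpartition(".")
    if not dot or "." + ext not in EXECUTABLE_EXT:
        return None
    # A decoy extension before the real one, or padding that pushes the
    # real extension out of view, marks the name as disguised.
    inner = re.search(r"(\.[a-z0-9]{2,4})\s*$", stem)
    if (inner and inner.group(1) in DECOY_EXT) or re.search(r"\s{5,}", stem):
        return "disguised"
    return "executable"

def scan_message(raw_bytes):
    """Return [(attachment, member, verdict)] for zip attachments."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                verdict = classify_member(member)
                if verdict:
                    findings.append((part.get_filename(), member, verdict))
    return findings

def build_sample():
    """Constructed message: a zip whose members hold harmless text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("registration.htm          .scr", b"not a real binary")
        zf.writestr("readme.txt", b"hello")
    msg = EmailMessage()
    msg["From"], msg["To"] = "webmaster@example.edu", "user@example.edu"
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="registration.zip")
    return msg.as_bytes()
```

Because the check reads member names rather than matching a signature, it does not depend on antivirus definitions having caught up with a new variant.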



