[unisog] phishing attack against email credentials at auckland.ac.nz

Russell Kaiser russell.kaiser at gmail.com
Tue Jun 7 04:38:29 GMT 2005


On 07 Jun 2005 15:12:27 +1200, James Riden <j.riden at massey.ac.nz> wrote:

> Looks like a new Mytob variant - the executable I downloaded has the
> following md5:
> 
> % md5sum Confirm.com
> abe53b50708a546873bdf8745c3236ac  Confirm.com
> 
> Virustotal says the following:
> BitDefender     7.0     06.07.2005      Win32.Worm.Mytob.BD
> Fortinet        2.27.0.0        06.07.2005      suspicious
> Kaspersky       4.0.2.24        06.07.2005      Net-Worm.Win32.Mytob.bd
> McAfee  4507    06.06.2005      New Malware.f
> NOD32v2 1.1131  06.06.2005      a variant of Win32/Mytob
> Sybari  7.5.1314        06.07.2005      Net-Worm.Win32.Mytob.bd
> 
> all others were 'nothing found' as of 12 noon GMT+1200.
> 

Looking at Symantec's website, I see a W32/Mytob.DJ that now matches
the emails people are seeing and also mentions the 209.67 addresses
people are seeing:

http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.dj@mm.html

Note that the virus description also mentions an IRC controller
(irc.blackcarder.net port 7000).

-- 
Russell Kaiser
Russell.Kaiser at gmail.com


