[unisog] New virus
Goverts IV, Paul
pgoverts at sjfc.edu
Tue Nov 22 15:17:54 GMT 2005
I was wondering if anyone had seen anything like this today....
We have been seeing a new virus going around this morning that is coming
in via an email appearing to be from "webmaster" "register" and "admin"
@(WhateverDomainIsBeingTargeted). It tells users to click on the
attachment which is an .scr file disguised as an .htm file (inside a zip
file). When the attachment is run, the virus disables Symantec
Antivirus, Task Manager, and Ethereal. It then runs a program
(C:\Windows\system32\Win32IMAPSVR.EXE) which opens a connection to
126.96.36.199:27999 apparently to wait for instructions. Our GFI
antivirus on our mail servers didn't start filtering this out until
about 8:30am this morning, and the latest definitions from Symantec
(11/21/05 rev 6) do not detect this yet. Anyone else seeing this?
Paul Goverts IV
St. John Fisher College
Rochester, NY 14618
"Ask yourself - Where are you going? Who is going with you?" -- "Col."
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the unisog