[unisog] [REN-ISAC] ALERT: .EDU-targeted virus

Doug Pearson dodpears at indiana.edu
Fri Oct 14 18:24:52 GMT 2005


The following was shared by SANS ISC[1] Handlers. We'll follow up with
more information as it becomes available.

Doug Pearson
PGP: http://mypage.iu.edu/~dodpears/dodpears_pubkey.asc
Research and Education Networking ISAC
24x7 Watch Desk: +1(317)278-6630, ren-isac at iu.edu
http://www.ren-isac.net
to join REN-ISAC, visit http://ren-isac.net/registry.html

--------------------------------------------------------------------------

This was submitted by a user who wished to remain anonymous.

>> Today we've seen several incidents of what appears to be a .edu targeted
>> piece of malware.
>>
>> The payload is contained in the attachment Photo_+_Article.zip .
>> virusscan.jotti.org has a poor hit rate on detection.
>>
>> The message body might be particularly convincing to the more prominent
>> members of a .edu (luckily I'm not) and follows:
>>
>>  Hello,
>>
>> We have been thinking of including you in the new campus magazine in an
>> article headed "Campus Life".  Can you approve the photo and article for
>> us before we go to printing please.
>>
>> If any details are wrong then we can amend before printing on Friday the
>> 28th of October so please get back to us as soon as possible.
>>
>> Many Thanks & Best Regards,
>>
>> J Chuang
>> Editor
>>
>> *******************************************************************************
>> Please respond before Wednesday 26th to ensure we have time to edit!
>> *******************************************************************************
>
>> FILE UPLOAD. Original File Name: Photo_+_Article.zip
>
>        We've bounced this one off to virustotal.  Hopefully the AV
> vendors will pick up on it quickly.
>        Thanks for the notice.
>

--------------------------------------------------------------------------

[1] http://isc.sans.org/


