[unisog] This seems a spyware. Is this?
chad.giulini at gmail.com
Fri Apr 13 14:54:08 GMT 2007
We started receiving a relatively high number of these yesterday
and determined the payload contains a worm. Our anti-virus failed to detect
it initially, however running it through Virus Total confirmed that the
payload is malicious. Various vendors call it by different names, but I can
share that Trend Micro is classifying our sample as nuwar.aop; Kaspersky
detects it as zhelatin.ct.
I hope this helps.
On 4/12/07, takashi yamanoue <yamanoue at cc.kagoshima-u.ac.jp> wrote:
> I'm takashi from Japan.
> I've received the following mail today.
> It seems a malicious mail with a spyware.
> Does anyone know something about this mail?
> The mail has an attached file, bugfix-48566.zip (38 KB),
> and the following text was an image.
> Takashi Yamanoue, Dr.
> Computing and Communications Center, Kagoshima University
> yamanoue at cc.kagoshima-u.ac.jp
> Dear Customer,
> Our robot has detected an abnormal activity from your IP Address on
> e-mails. Probably it is connected with the Last epidemic of a worm which
> does not have offical patches At the moment.
> We recommend you to install this patch to remove worm files And stop email
> sending, otherwise your account will be Blocked.
> We had archived the patch becouse the worm can modify Anpacked exe files.
> You should open the archive file, enter The password and run the patch
> Password: van43
> Customer Support Center Robot.
> unisog mailing list
> unisog at lists.dshield.org
"A good plan, violently executed now, is better than a perfect plan next
week." General George S. Patton