[unisog] This seems a spyware. Is this?

Joel Esler eslerj at gmail.com
Mon Apr 16 02:23:36 GMT 2007


This was the most recent iteration of the "Storm worm".  It was on
http://isc.sans.org as it was going on.

On 4/13/07, yamanoue at cc.kagoshima-u.ac.jp <yamanoue at cc.kagoshima-u.ac.jp> wrote:
> Dear All
>   I'm very glad to have so many replies.
>   Thank you very much.
>   I uploaded the attachment to the virustotal.com.
>   The file was Trojan.Peacomm!zip.
>   I've sent a warning to my university's users.
>
>   Takashi
>
> -----Original Message-----
> From: unisog-bounces at lists.dshield.org
> [mailto:unisog-bounces at lists.dshield.org] On Behalf Of takashi yamanoue
> Sent: Friday, April 13, 2007 8:48 AM
> To: 'UNIversity Security Operations Group'
> Subject: [unisog] This seems a spyware. Is this?
>
> Hi.
>   I'm takashi from Japan.
>   I've received the following mail today.
>   It seems to be a malicious mail with spyware.
>   Does anyone know something about this mail?
>   The mail has an attached file, bugfix-48566.zip (38 KB),
>   and the following text was an image.
>
>   Regards,
>
> Takashi Yamanoue, Dr.
> Computing and Communications Center, Kagoshima University
> yamanoue at cc.kagoshima-u.ac.jp
> http://yama-linux.cc.kagoshima-u.ac.jp/~yamanoue
> +81-99-285-7187
> -------------------------
> Dear Customer,
>
> Our robot has detected an abnormal activity from your IP Address on sending
> e-mails. Probably it is connected with the Last epidemic of a worm which
> does not have offical patches At the moment.
> We recommend you to install this patch to remove worm files And stop email
> sending, otherwise your account will be Blocked.
> We had archived the patch becouse the worm can modify Anpacked exe files.
> You should open the archive file, enter The password and run the patch
> immediately.
>
> Password: van43
>
> Customer Support Center Robot.
>
>
> _______________________________________________
> unisog mailing list
> unisog at lists.dshield.org
> https://lists.sans.org/mailman/listinfo/unisog
>


-- 
--Joel Esler
ISC Incident Handler
http://www.incidents.org

