Educause Security Discussion mailing list archives
Novarg.A signature
From: "Cam Beasley, ISO" <cam () AUSTIN UTEXAS EDU>
Date: Wed, 28 Jan 2004 00:35:22 -0600
E-mail admins / IDS analysts: This following is a highly accurate Novarg.A signature: ----------------------------------- wrapped for AVscanner's digestion ----------------------------------- ApIAUCZKAEAD/bJpmiwQBPQl6AEAS85pmm7ZH 8gqwAO4sKimaZqmoJiQiICapmmaeHBoYFhQzWCf It has been tested it on several thousand pieces of Novarg.A infected e-mail and has not yet exhibited any collateral damage. One caveat is that there does seem to be another variant of Novarg that writes the infected EXE into a ZIP file that is not auto-extracting.. The above signature does NOT work in this particular case, but I'm only seeing one of these for every 5000 or so self-executing Novarg.As.. ~cam. Cam Beasley Information Security Office The University of Texas at Austin cam () mail utexas edu --------------------------- Report Abuse To: - abuse () utexas edu - 512.475.9242 --------------------------- ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Novarg.A signature Cam Beasley, ISO (Jan 27)
- <Possible follow-ups>
- Re: Novarg.A signature RLVaughn (Jan 28)