Educause Security Discussion mailing list archives

Novarg.A signature


From: "Cam Beasley, ISO" <cam () AUSTIN UTEXAS EDU>
Date: Wed, 28 Jan 2004 00:35:22 -0600

E-mail admins / IDS analysts:

The following is a highly accurate
Novarg.A signature:

-----------------------------------
wrapped for AVscanner's digestion
-----------------------------------

ApIAUCZKAEAD/bJpmiwQBPQl6AEAS85pmm7ZH
8gqwAO4sKimaZqmoJiQiICapmmaeHBoYFhQzWCf

It has been tested on several thousand
pieces of Novarg.A infected e-mail and
has not yet exhibited any collateral damage.

One caveat is that there does seem
to be another variant of Novarg that
writes the infected EXE into a ZIP
file that is not auto-extracting..
The above signature does NOT work
in this particular case, but I'm
only seeing one of these for every
5000 or so self-executing Novarg.As..  

~cam.

Cam Beasley
Information Security Office
The University of Texas at Austin
cam () mail utexas edu
---------------------------
Report Abuse To:
- abuse () utexas edu
- 512.475.9242
---------------------------
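
An added example, not part of the original message: how a base64 body signature of this kind matches an attachment sent as-is, and why it stops matching once the same bytes travel inside a ZIP, as the caveat describes. The payload, the signature, the member name `sample.bin` and the helper names are constructed for illustration, and the ZIP variant is assumed to use deflate compression.

```python
import base64
import io
import zipfile

def mime_b64(data: bytes, width: int = 76) -> str:
    """Base64-encode attachment bytes and wrap them the way a MIME part does."""
    text = base64.b64encode(data).decode("ascii")
    return "\r\n".join(text[i:i + width] for i in range(0, len(text), width))

def unwrap(text: str) -> str:
    """Drop all whitespace so line wrapping cannot split a match."""
    return "".join(text.split())

def matches(body: str, signature: str) -> bool:
    """True if the signature occurs in the base64 body, ignoring line wraps."""
    return unwrap(signature) in unwrap(body)

def zip_wrap(data: bytes, name: str) -> bytes:
    """Put the same bytes inside a deflated ZIP member (the variant in the caveat)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, data)
    return buf.getvalue()

# Constructed stand-in for the attachment: harmless patterned bytes, not malware.
PAYLOAD = bytes((i * 7 + 3) % 251 for i in range(4096))

# Constructed signature: 76 base64 characters from a fixed offset in the
# attachment, wrapped onto two lines like the one in the message.
_flat = unwrap(mime_b64(PAYLOAD))[400:476]
SIGNATURE = _flat[:38] + "\n" + _flat[38:]

DIRECT_BODY = mime_b64(PAYLOAD)                          # attachment sent as-is
ZIPPED_BODY = mime_b64(zip_wrap(PAYLOAD, "sample.bin"))  # same bytes inside a ZIP

if __name__ == "__main__":
    print("plain substring, direct :", SIGNATURE in DIRECT_BODY)
    print("unwrapped match, direct :", matches(DIRECT_BODY, SIGNATURE))
    print("unwrapped match, zipped :", matches(ZIPPED_BODY, SIGNATURE))
```

The constructed signature deliberately spans a line break in the encoded body, so a scanner that compares line by line misses it unless it unwraps both sides first.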
