Security Incidents mailing list archives
VIRUS Riddled MIRC program?
From: "Brian Heathfield" <bh01641 () terra es>
Date: Fri, 28 Sep 2001 15:20:20 +0100
Following several odd occurrences during and after chat room sessions by other chat room members, I have done some log analysis, and found one common thread. The problems were only occurring during sessions when one or more members were using a specific IRC program. I downloaded that program today and started an analysis, but stopped after only 5 minutes, as the program had already tried to infect my PC with 7 viruses, which were various variants of three unique viruses. I then contacted McAfee lab personnel and they confirmed my findings. I also verified that all the mirror sites had exactly the same copy of this encapsulated program, and that the checksums validated correctly. The conclusion from this is that the program that originates from Turkey was encapsulated with the viruses already in. The nature of one of these viruses indicates that it may have been a deliberate act. The program is VirusScript2000, which probably says it all. Brian ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- VIRUS Riddled MIRC program? Brian Heathfield (Sep 28)