Security Incidents mailing list archives

Re: New variant of Virus ?

From: Mike Tancsa <mike () sentex net>
Date: Wed, 28 Jan 2004 12:45:44 -0500

I got one of these as well. f-prot will pick it up in the next defs asW32/Ovnod.A@pws according to the feedback I got.


% md5 message.exe
MD5 (message.exe) = 6e1aa7ec98aac34fd3a329569098f284

is the one I got. It came from

Received: from compuserve.com ([211.239.72.207]) Tue, 27 Jan 2004 14:31:31-0500 (EST)


        ---Mike

At 05:13 PM 27/01/2004, Hubbard, Dan wrote:

It looks like there maybe a new variant of the virus MyDoom worm. We
have seen the following:

RE: I still love you  fLctv

Error 551: We are sorry your UTF-8 encoding is not supported by the
server, so the text was automatically zipped and attached to this
message.

The file attached is message.zip and unzips to message.exe

I am analyzing the file for behavior and will update, but has anyone
else seen this yet ?

The latest Nassoc DAT does not cover this.




---------------------------------------------------------------------------
----------------------------------------------------------------------------



---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

New variant of Virus ? Hubbard, Dan (Jan 28)
- Re: New variant of Virus ? Gary Flynn (Jan 28)
  - Re: New variant of Virus ? Nick FitzGerald (Jan 29)
- Message not available
  - Re: New variant of Virus ? Mike Tancsa (Jan 28)
    - Re: New variant of Virus ? Luke Gill (Jan 28)
- RE: New variant of Virus ? Larry Seltzer (Jan 28)
  - RE: New variant of Virus ? falcon (Jan 28)