Security Incidents mailing list archives
Re: New variant of Virus ?
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 30 Jan 2004 01:20:09 +1300
Gary Flynn <flynngn () jmu edu> to Hubbard, Dan:
It looks like there may be a new variant of the virus MyDoom worm. We have seen the following:

RE: I still love you fLctv Error 551: We are sorry your UTF-8 encoding is not supported by the server, so the text was automatically zipped and attached to this message.
<<snip>>
We've seen several of these here since yesterday. I submitted it last night and was told third-hand that the following Sophos definition was created for it: http://www.sophos.com/virusinfo/analyses/trojstawina.html
Yes. It seems this was distributed widely via spam about 24-36 hours ago (maybe more??). It is _not_ a self-mailer although it does contain SMTP code. It is a keylogger that looks for windows by name (specifically the names of various bank and financial sites) and captures keystrokes directed to those windows. It then mails off the keystroke logs...

Various AVs have named it various things:

  Stawin.A
  PSW.Keylog.E
  TrojanSpy.Win32.Keylogger.aa
  Trojan.Spy.Keylogger.AA
  Trojan.Keylogger
  W32/Ovnod.A@pws
  Trojan.Nodav
  Trj/Govnodav.A
  Win32.Elkong.D

--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854