Re: Fwd: URGENT: bot net with keylogger

[Gary Flynn <flynngn () JMU EDU>]

Dave Monnier, IT Security Office, Indiana University wrote:

> I haven't looked at it with anything Win32.
>
> The content there will hopefully be going away soon.  I've just heard
> that some folks have gotten word back from the owners.  If you haven't
> already, you may want to grab a specimen now for study. If not, folks
> can contact me off-list and I can get a copy to you.

Got it. It doesn't force a download/install on
IE 6.0. So I guess people must be clicking the
button that should read "infect me". :)

I've run across a couple sites that check the
browser before redirecting to an IE exploit
page. If you hit it with Mozilla or wget, you'll
not see the malicious content. I keep a laptop
with IE for doing stuff like that but it was down
until just a little while ago.

I assume you've submitted the code to AV vendors?

--
Gary Flynn
Security Engineer - Technical Services
James Madison University

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.