Educause Security Discussion mailing list archives
[REN-ISAC] ALERT: .EDU-targeted virus
From: Doug Pearson <dodpears () INDIANA EDU>
Date: Fri, 14 Oct 2005 13:22:58 -0500
The following was shared by SANS ISC[1] Handlers. We'll follow up with more information as it becomes available.

Doug Pearson
PGP: http://mypage.iu.edu/~dodpears/dodpears_pubkey.asc
Research and Education Networking ISAC
24x7 Watch Desk: +1(317)278-6630, ren-isac () iu edu
http://www.ren-isac.net
to join REN-ISAC, visit http://ren-isac.net/registry.html

--------------------------------------------------------------------------

This was submitted by a user who wished to remain anonymous.
Today we've seen several incidents of what appears to be a .edu targeted piece of malware. The payload is contained in the attachment Photo_+_Article.zip . virusscan.jotti.org has a poor hitrate on detection. The message body might be particularly convincing to the more prominent members of a .edu (luckily I'm not) and follows:

Hello,

We have been thinking of including you in the new campus magazine in an article headed "Campus Life". Can you approve the photo and article for us before we go to printing please. If any details are wrong then we can amend before printing on Friday the 28th of October so please get back to us as soon as possible.

Many Thanks & Best Regards,

J Chuang
Editor

*******************************************************************************
Please respond before Wednesday 26th to ensure we have time to edit!
*******************************************************************************
FILE UPLOAD. Original File Name: Photo_+_Article.zip
We've bounced this one off to virustotal. Hopefully the AV vendors will pick up on it quickly. Thanks for the notice.
--------------------------------------------------------------------------

[1] http://isc.sans.org/