Educause Security Discussion mailing list archives

Re: [REN-ISAC] ALERT: .EDU-targeted virus


From: Carol Myers <carol.myers () PVMAIL MARICOPA EDU>
Date: Fri, 14 Oct 2005 11:24:12 -0700

It visited our system yesterday...

--

Carol Myers, CISSP
Information Resources & Technology Services
Paradise Valley Community College    http://www.pvc.maricopa.edu
602-787-7788

"One ought, every day at least, to hear a little song, read a good poem, see a fine picture, and, if it were possible, to speak a few reasonable words."  --Johann Wolfgang von Goethe


Doug Pearson wrote:

The following was shared by SANS ISC[1] Handlers. We'll follow up with
more information as it becomes available.

Doug Pearson
PGP: http://mypage.iu.edu/~dodpears/dodpears_pubkey.asc
Research and Education Networking ISAC
24x7 Watch Desk: +1(317)278-6630, ren-isac () iu edu
http://www.ren-isac.net
to join REN-ISAC, visit http://ren-isac.net/registry.html

--------------------------------------------------------------------------

This was submitted by a user who wished to remain anonymous.



Today we've seen several incidents of what appears to be a .edu targeted
piece of malware.

The payload is contained in the attachment Photo_+_Article.zip .
virusscan.jotti.org has a poor hit rate on detection.

The message body might be particularly convincing to the more prominent
members of a .edu (luckily I'm not) and follows:

Hello,

We have been thinking of including you in the new campus magazine in an
article headed "Campus Life".  Can you approve the photo and article for
us before we go to printing please.

If any details are wrong then we can amend before printing on Friday the
28th of October so please get back to us as soon as possible.

Many Thanks & Best Regards,

J Chuang
Editor

*******************************************************************************
Please respond before Wednesday 26th to ensure we have time to edit!
*******************************************************************************





FILE UPLOAD. Original File Name: Photo_+_Article.zip





We've bounced this one off to virustotal.  Hopefully the AV
vendors will pick up on it quickly.
Thanks for the notice.




--------------------------------------------------------------------------

[1] http://isc.sans.org/


