Educause Security Discussion mailing list archives
Re: "Yay" Malware
From: Scott Fendley <scottf () UARK EDU>
Date: Thu, 11 Jan 2007 22:58:27 -0600
Heya Tim et al,

Thankfully we have not seen it on our campus as of yet. However, I do know from communication with the Internet Storm Center that a sample has been sent to all of the major antivirus vendors earlier in the day. I would expect that definitions will be out for the initial variation of this malware soon.

After determining the attack vector/infection technique, I would typically reinstall or reimage the computer. I may be a little paranoid, but I really don't like not knowing positively what the state of security really is after a compromise of this nature.

It would be great if any determination could be made as to what the infection vector might have been. Email, IM, website download? From the reports I have seen it seems the file that appears to be part of the 1st stage infection is C:\WINDOWS\SYSTEM32\usb.exe.

Hopefully I will have more details in the morning that I can share.

Scott

At 07:25 PM 1/11/2007, Tim Lane wrote:
Hi All,

has anyone seen (for want of a better term) the Yay Malware? We are seeing a small window with the word "yay" in it appear on the desktop with a lot of outgoing traffic. A search on Google cites quite a few people seeing this in the last 24 hours but no resolution.

We have tried to remove it with:

Symantec AV
Adaware
Spybot S&D
Defender
XoftSpySE
MSRT

Seems like it may be very new and the AV vendors have not caught on yet....

If anyone has seen it and mitigated it I would be interested to hear.

Thanks,

Tim

Tim Lane
Information Security Program Manager
Information Technology and Telecommunication Services
Southern Cross University
PO Box 157 Lismore NSW 2480
02 6620 3290
02 6620 3033
tlane () scu edu au
http://www.scu.edu.au