Educause Security Discussion mailing list archives

Re: "Yay" Malware

From: RL Vaughn <Randy_Vaughn () BAYLOR EDU>
Date: Fri, 12 Jan 2007 17:41:55 -0600

TCP SYN packets to 88.80.5.21:80



David Taylor wrote:

Does anyone know what kind of 'outgoing traffic' this is?

From: Tim Lane [mailto:tlane () SCU EDU AU]
Sent: Thursday, January 11, 2007 8:26 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] "Yay" Malware

Hi All,

has anyone seen (for want of a better term) the Yay Malware.  We are seeing
a small window with the word "yay" in it appear on the desktop with a lot of
outgoing traffic.  A search on Google cites quite a few people seeing this
in the last 24 hours but no resolution.

We have tried to remove it with:

Symantec AV
Adaware
Spybot S&D
Defender
XoftSpySE
MSRT

Seems like it may be very new and the AV vendors have not caught on yet....

If anyone has seen it and mitigated it I would be interested to hear.

Thanks,

Tim

Tim Lane
Information Security Program Manager

Information Technology and Telecommunication Services
Southern Cross University
PO Box 157 Lismore NSW 2480

(02 6620 3290   7             02 6620 3033   - tlane () scu edu au
8  <http://www.scu.edu.au> http://www.scu.edu.au

Current thread:

"Yay" Malware Tim Lane (Jan 11)
- <Possible follow-ups>
- Re: "Yay" Malware RL Vaughn (Jan 11)
- Re: "Yay" Malware Scott Fendley (Jan 11)
- Re: "Yay" Malware RL Vaughn (Jan 12)
- Re: "Yay" Malware Parker, Ron (Jan 12)
- Re: "Yay" Malware Flagg, Martin D. (Jan 12)
- Re: "Yay" Malware David Taylor (Jan 12)
- Re: "Yay" Malware David Gillett (Jan 12)
- Re: "Yay" Malware RL Vaughn (Jan 12)