Educause Security Discussion mailing list archives
Re: Skype (was password stealer)
From: Leon DuPree <duprleo () GMAIL COM>
Date: Tue, 7 Jul 2009 12:14:33 -0400
thanks On Tue, Jul 7, 2009 at 11:55 AM, Brad Judy <win-hied () bradjudy com> wrote:
Skype put together a security webpage specifically targeted at universities a while back (when supernode discussions were a big topic). http://www.skype.com/security/universities/ They also have a security blog, but it’s mostly about vulnerabilities and Skype-related phishing/malware. http://share.skype.com/sites/security/ Brad Judy *From:* The EDUCAUSE Security Constituent Group Listserv [mailto: SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Leon DuPree *Sent:* Tuesday, July 07, 2009 10:53 AM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* Re: [SECURITY] ET TROJAN Generic Password Stealer User Agent Detected (RookIE) Anyone have any feedback on Skype Security for a University? Leon DuPree University of Michigan LSA Intern On Mon, Jul 6, 2009 at 5:53 PM, Gary Warner <gar () cis uab edu> wrote: That's a video game password stealer: http://www.virustotal.com/analisis/8a8e255862ecab9d0943970e7d564f6c879a4acf4e386adfb44437e777016b07-1243403990 During the month of June 2009, we actually have 493 unique MD5s in our database that show up as some version of Magania, but none of them are the MD5 that you mentioned. The name comes from the fact that the trojan specifically steals password from "Gamania" (which is a bilingual pun on the words "Gaming orange" and "Game Mania") specifically from their top MMORPG, Lineage Online. We've seen it spread as an executable attachment, and also as a drive-by downloader. -- ---------------------------------------------------------- Gary Warner Director of Research in Computer Forensics The University of Alabama at Birmingham 205.934.8620 205.422.2113 gar () cis uab edu gar () askgar com ----------------------------------------------------------- ----- Original Message ----- From: "Russell Fulton" <r.fulton () AUCKLAND AC NZ> To: SECURITY () LISTSERV EDUCAUSE EDU Sent: Sunday, June 21, 2009 4:01:16 PM GMT -06:00 US/Canada Central Subject: [SECURITY] ET TROJAN Generic Password Stealer User Agent Detected (RookIE) We are getting lots of machines with hits on this, particularly student laptops on the wireless network. I managed to track down this reference: http://www.threatexpert.com/report.aspx?md5=c3c72f77f53bb50deec784c89f7c8f62 does anyone know any m ore about this threat? Russell.
Current thread:
- Re: Skype (was password stealer) Brad Judy (Jul 07)
- <Possible follow-ups>
- Re: Skype (was password stealer) Leon DuPree (Jul 07)
- Re: Skype (was password stealer) Leon DuPree (Jul 07)
- Re: Skype (was password stealer) Leon DuPree (Jul 07)