Re: Skype (was password stealer)

[Leon DuPree <duprleo () GMAIL COM>]

thanks

On Tue, Jul 7, 2009 at 11:55 AM, Brad Judy <win-hied () bradjudy com> wrote:

>  Skype put together a security webpage specifically targeted at
> universities a while back (when supernode discussions were a big topic).
>
>
>
> http://www.skype.com/security/universities/
>
>
>
> They also have a security blog, but it’s mostly about vulnerabilities and
> Skype-related phishing/malware.
>
>
>
> http://share.skype.com/sites/security/
>
>
>
> Brad Judy
>
>
>
>
>
> *From:* The EDUCAUSE Security Constituent Group Listserv [mailto:
> SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Leon DuPree
> *Sent:* Tuesday, July 07, 2009 10:53 AM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* Re: [SECURITY] ET TROJAN Generic Password Stealer User Agent
> Detected (RookIE)
>
>
>
> Anyone have any feedback on Skype Security for a University?
>
>
>
>
>
> Leon DuPree
>
>
>
> University of Michigan
>
> LSA Intern
>
> On Mon, Jul 6, 2009 at 5:53 PM, Gary Warner <gar () cis uab edu> wrote:
>
> That's a video game password stealer:
>
>
> http://www.virustotal.com/analisis/8a8e255862ecab9d0943970e7d564f6c879a4acf4e386adfb44437e777016b07-1243403990
>
> During the month of June 2009, we actually have 493 unique MD5s in our
> database that show up as some version of Magania, but none of them are the
> MD5 that you mentioned.
>
> The name comes from the fact that the trojan specifically steals password
> from "Gamania" (which is a bilingual pun on the words "Gaming orange" and
> "Game Mania") specifically from their top MMORPG, Lineage Online.
>
> We've seen it spread as an executable attachment, and also as a drive-by
> downloader.
>
>
> --
>
> ----------------------------------------------------------
>
> Gary Warner
> Director of Research in Computer Forensics
> The University of Alabama at Birmingham
> 205.934.8620             205.422.2113
> gar () cis uab edu        gar () askgar com
>
> -----------------------------------------------------------
>
> ----- Original Message -----
> From: "Russell Fulton" <r.fulton () AUCKLAND AC NZ>
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Sent: Sunday, June 21, 2009 4:01:16 PM GMT -06:00 US/Canada Central
> Subject: [SECURITY] ET TROJAN Generic Password Stealer User Agent Detected
> (RookIE)
>
> We are getting lots of machines with hits on this, particularly
> student laptops on the wireless network.  I managed to track down this
> reference:
>
>
> http://www.threatexpert.com/report.aspx?md5=c3c72f77f53bb50deec784c89f7c8f62
>
>
> does anyone know any m ore about this threat?
>
> Russell.