Full Disclosure mailing list archives
Re: New MyDoom or Netsky variant?
From: "Mary Landesman" <mlande () bellsouth net>
Date: Mon, 19 Jul 2004 18:48:05 -0400
http://vil.nai.com/vil/newly-discovered-viruses.asp

-- Mary

----- Original Message -----
From: "Vic Vandal" <vvandal () well com>
To: <full-disclosure () lists netsys com>
Sent: Monday, July 19, 2004 6:11 PM
Subject: [Full-disclosure] New MyDoom or Netsky variant?

Anyone seeing what looks like a brand new MyDoom variant? Comes in e-mail as a message.zip, extracts to a message.doc followed by a LOT of spaces and then a .pif extension. I've only started to look at the encoded attachment, but someone who opened it had a LSASS.EXE start up and take about 96% CPU utilization.

I scanned the offending Outlook attachment with the latest Symantec sigs, but it didn't recognize it. The .pif appears to be packed with UPX.

I'm tempted to infect my own machine to study the effects, but would rather not do so and find out it's eaten a bunch of my work I don't have time to back up. But the infected user has shut down his machine and left, so I can't study it there either.

I do have the Exchange admin trying to filter mail with the attachment for the moment.

I see another e-mail from the infected, with a tgy.zip attachment I have yet to start to dissect. I did a Google search on that, with no results.

It's not much fun running around in circles with your hair on fire. Thank the stars that all my personal e-mail comes to a SunOS box - 15 years without a single infection!

Vic

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
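Added example, not part of the original thread or any poster's code: a mail-filter style check that lists the members of a zip attachment without extracting them and flags the naming trick described above (a document extension, a long run of spaces, then an executable extension). The extension list, the padding threshold and the function names are assumptions made for this sketch; the sample archive is constructed and contains only placeholder bytes.

```python
import io
import re
import zipfile

# Assumption: extensions treated as directly executable on Windows
# (only .pif comes from the thread; the rest are added for this sketch).
EXECUTABLE_EXTS = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd"}
# Assumption: this many consecutive whitespace characters counts as padding.
MIN_PADDING = 5

# Decoy extension, whitespace run, real extension at the end of the name.
PADDED = re.compile(r"\.(\w{1,5})(\s{%d,})(\.\w{1,5})$" % MIN_PADDING)


def suspicious_members(zip_bytes):
    """Return (member name, reason) for each disguised or executable member."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        # A malformed archive cannot be inspected, so report it rather than pass it.
        return [("<archive>", "not a readable zip")]
    with archive:
        for info in archive.infolist():
            name = info.filename.rsplit("/", 1)[-1]  # drop any directory part
            match = PADDED.search(name)
            real_ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
            if match and match.group(3).lower() in EXECUTABLE_EXTS:
                findings.append((info.filename, "padded double extension"))
            elif real_ext in EXECUTABLE_EXTS:
                findings.append((info.filename, "executable extension"))
    return findings


def build_sample(names):
    """Build an in-memory zip of harmless placeholder files (constructed data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in names:
            archive.writestr(name, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample(["message.doc" + " " * 80 + ".pif", "notes.txt"])
    for member, reason in suspicious_members(sample):
        print(repr(member), "->", reason)
```

Only the archive's file listing is read, so nothing is unpacked or executed during the check.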
Current thread:
- New MyDoom or Netsky variant? Vic Vandal (Jul 19)
- Re: New MyDoom or Netsky variant? Mary Landesman (Jul 19)
- Re: New MyDoom or Netsky variant? Niek Baakman (Jul 19)
- Re: New MyDoom or Netsky variant? Bart . Lansing (Jul 20)
- Re: New MyDoom or Netsky variant? Niek Baakman (Jul 20)
- Re: New MyDoom or Netsky variant? Bart . Lansing (Jul 20)
- <Possible follow-ups>
- Re: New MyDoom or Netsky variant? mnv (Jul 19)
- Re: New MyDoom or Netsky variant? Timothy Chase (Jul 19)
- Re: New MyDoom or Netsky variant? Timothy Chase (Jul 19)
- Re: New MyDoom or Netsky variant? Timothy Chase (Jul 19)