Full Disclosure mailing list archives
Re: New MyDoom or Netsky variant?
From: Niek Baakman <niekbaakman () home nl>
Date: Tue, 20 Jul 2004 00:50:55 +0200
Vic Vandal wrote:
> Anyone seeing what looks like a brand new MyDoom variant? Comes in e-mail as a message.zip, extracts to a message.doc followed by a LOT of spaces and then a .pif extension. I've only started to look at the encoded attachment, but someone who opened it had a LSASS.EXE start up and take about 96% CPU utilization. I scanned the offending Outlook attachment with the latest Symantec sigs, but it didn't recognize it. The .pif appears to be packed with UPX.
Don't use Symantec for fast updates. They only update LiveUpdate 1-2 times per week. If you want updates more often, you have to grab their Intelligent Updater manually (1 per day), or grab their beta updates (also manually). Only if they regard the virus as a serious threat do they offer an immediate LiveUpdate. For something like mail protection, they are too slow. Then again, you don't use Symantec products on a mail server.

Regards,
Niek Baakman

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
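The attachment layout described in the quoted message (a zip whose member is named message.doc, then a long run of spaces, then .pif, with a UPX-packed body) can be flagged at a mail gateway without waiting for a signature. The sketch below is an added example, not part of the original thread; the extension lists, the 3-space threshold, the UPX marker heuristic and the in-memory sample archive are all assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed lists; extend for your environment.
EXECUTABLE_EXTS = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd"}
DECOY_EXTS = (".doc", ".txt", ".pdf", ".xls", ".jpg", ".htm")
MIN_PAD = 3  # whitespace run that pushes the real extension out of view

def check_member(name, data=b""):
    """Return the reasons an archive member looks like a disguised executable."""
    reasons = []
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    stem, dot, ext = base.rpartition(".")
    ext = (dot + ext).lower() if dot else ""
    if ext in EXECUTABLE_EXTS:
        reasons.append("executable extension " + ext)
        visible = stem.rstrip()
        pad = len(stem) - len(visible)
        if pad >= MIN_PAD:
            reasons.append("%d whitespace characters before extension" % pad)
        if visible.lower().endswith(DECOY_EXTS):
            reasons.append("decoy document extension in visible name")
    # Heuristic: a PE file ("MZ") carrying UPX section names or the UPX magic.
    head = data[:4096]
    if head[:2] == b"MZ" and (b"UPX0" in head or b"UPX!" in head):
        reasons.append("UPX packer markers in PE header area")
    return reasons

def scan_zip(blob):
    """Map each suspicious member name in a zip (given as bytes) to its reasons."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            reasons = check_member(info.filename, zf.read(info))
            if reasons:
                hits[info.filename] = reasons
    return hits

# Constructed sample: harmless bytes that only mimic the described layout.
SAMPLE_NAME = "message.doc" + " " * 60 + ".pif"

def build_sample():
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(SAMPLE_NAME, b"MZ" + b"\x00" * 64 + b"UPX0" + b"\x00" * 16)
        zf.writestr("readme.txt", b"hello")
    return buf.getvalue()

if __name__ == "__main__":
    for member, why in scan_zip(build_sample()).items():
        print(repr(member), "->", "; ".join(why))
```

A check like this works on the filename and header bytes alone, so it does not depend on how quickly a vendor ships definitions.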
Current thread:
- New MyDoom or Netsky variant? Vic Vandal (Jul 19)
- Re: New MyDoom or Netsky variant? Mary Landesman (Jul 19)
- Re: New MyDoom or Netsky variant? Niek Baakman (Jul 19)
- Re: New MyDoom or Netsky variant? Bart . Lansing (Jul 20)
- Re: New MyDoom or Netsky variant? Niek Baakman (Jul 20)
- Re: New MyDoom or Netsky variant? Bart . Lansing (Jul 20)
- <Possible follow-ups>
- Re: New MyDoom or Netsky variant? mnv (Jul 19)
- Re: New MyDoom or Netsky variant? Timothy Chase (Jul 19)
- Re: New MyDoom or Netsky variant? Timothy Chase (Jul 19)
- Re: New MyDoom or Netsky variant? Timothy Chase (Jul 19)