Filename varies, but it's a .rar file containing a compressed exe file. No
subject line and the first part of the sender's ID is the recipient's first name.
It is a brand new variant of the trojan.tooso and for some reason it is
undetectable. Employees of Symantec told me they had similar emails get past
their security measures yesterday.
Danny
-----Original Message-----
From: Jack Evans [mailto:[EMAIL PROTECTED]
Sent: Fri 3/4/2005 3:48 PM
To: Cox, Danny H.
Cc:
Subject: RE: [gb-users] new virus threat gets past AV products
Danny,
Not much here to go on. Is there a name for it yet? What is the filename
attached?
-----Original Message-----
From: Cox, Danny H. [mailto:[EMAIL PROTECTED]
Sent: Friday, March 04, 2005 3:41 PM
To: [email protected]
Subject: [gb-users] new virus threat gets past AV products
FYI,
Thought I'd let everyone know about a new threat that actually got past a
3-tiered antivirus environment.
It is an email with an attachment. The attachment is a rar file with a
compressed portable exe file. The file opens all sorts of nice things like
SSL connections to the outside to retrieve more nasty stuff and even
disables local AV products as well as the usual reg changes. Even local,
manual scans were unable to detect the threat with the latest dat files.
It then tried to email itself and started looking around our network...
Needless to say, my system is toast.
It got loose while I was dissecting it in a new exe editor. The editor
opened IE and tried to display the payload and that's when all he** broke
loose.
Watch out!
Danny
------------------------------------------------------
To unsubscribe: [EMAIL PROTECTED]
For additional commands: [EMAIL PROTECTED]
Archive: http://archives.gnatbox.com/gb-users/
------------------------------------------------------