There appears to be a new strain of Downloader virus going through email.
The email virus is being propagated by spoofed big@boss.com. Travis has blocked mail with that address and we are working to find why McAfee isn't catching the file when it's opened.
Here are the entrails we have found so far:
Email from big boss with subject of "movie clip", or "here's that movie"
The attached file is a pif that spawns winmgm32.exe and adds a win/run in the registry for itself. McAfee is missing all of this activity, but after that, the exe (assumption) deploys sysmgmt32.dll at some point to system32 which is infected with Downloader-BN Trojan and McAfee does pick that up.
So far, we have only had 4 infections.