Message-ID: <40FC504F.9010404@home.nl>
From: niekbaakman at home.nl (Niek Baakman)
Subject: New MyDoom or Netsky variant?

Vic Vandal wrote:

> Anyone seeing what looks like a brand new MyDoom variant?
> Comes in e-mail as a message.zip, extracts to a message.doc
> followed by a LOT of spaces and then a .pif extension.
> I've only started to look at the encoded attachment, but
> someone who opened it had a LSASS.EXE start up and take
> about 96% CPU utilization.  I scanned the offending Outlook
> attachment with the latest Symantec sigs, but it didn't recognize
> it.  The .pif appears to be packed with UPX.

Don't use Symantec for fast updates.
They only update LiveUpdate 1-2 times per week.
If you want updates more often, you have to grab their Intelligent Updater
manually (1 per day), or grab their beta updates (also manually).

Only if they regard the virus as a serious threat do they offer an
immediate LiveUpdate. For something like mail protection, they are too slow.
Then again, you don't use Symantec products on a mail server.

Regards,

Niek Baakman

