Ok, thanks to Doug and Ken for sending me a sample.

This thing simply installs a Trojan (MBAM calls it "Trojan.Agent.VBS") 
and then connects to server(s) to download additional Malware, if the 
user opens it, enters the password (and has a version of Word that 
recognizes it) and then enables macros.  I'd like to think that series 
of events is unlikely, but I know better.

Some IPs I saw this system connected to on my firewall.  Some of these 
may be legit and not malware relate (this is a re-imaged system and 
Office was trying to activate.)

23.35.18.164
8.253.32.142
184.51.112.8
184.51.112.154
13.107.4.50
184.51.112.8
134.170.53.30
23.96.212.225
191.237.218.239
23.96.212.225


I haven't seen this thing hitting my mail server yet.


- Bob


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

Reply via email to