Ok, thanks to Doug and Ken for sending me a sample.

This thing simply installs a Trojan (MBAM calls it "Trojan.Agent.VBS") 
and then connects to server(s) to download additional Malware, if the 
user opens it, enters the password (and has a version of Word that 
recognizes it) and then enables macros.  I'd like to think that series 
of events is unlikely, but I know better.

Some IPs I saw this system connected to on my firewall.  Some of these 
may be legit and not malware relate (this is a re-imaged system and 
Office was trying to activate.)

I haven't seen this thing hitting my mail server yet.

- Bob

Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
Assp-test mailing list

Reply via email to