And an alternative writeup from Symantec, with more details on the results of an infection, and with executables nobody else has mentioned.
http://www.symantec.com/enterprise/security_response/weblog/2007/01/troj anpeacomm_building_a_peert.html Andrew 8) > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Colbeck, Andrew > Sent: Friday, January 19, 2007 1:01 PM > To: declude.virus@declude.com > Subject: RE: [Declude.Virus] Any one heard about or seen this one yet? > > Yes, and it should be old news by now. > > http://isc.sans.org/diary.html?storyid=2071 > > The end of the page lists the four executables to ban, if you > don't trust your antivirus software, i.e. > > #Jan-18-2007 AC New fake news clips virus called Small.Dam by > F-Secure and W32/Downloader.AYDY by F-Prot BANNAME Full > Clip.exe BANNAME Read More.exe BANNAME Full Story.exe BANNAME > Video.exe > > > Andrew 8) > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > > Heimir Eidskrem > > Sent: Friday, January 19, 2007 12:02 PM > > To: declude.virus@declude.com > > Subject: [Declude.Virus] Any one heard about or seen this one yet? > > > > > > Storm Worm Hits Computers Around the World By Reuters January 19, > > 2007 > > > > HELSINKI (Reuters)-Computer virus writers started to use raging > > European storms on Friday to attack thousands of computers in an > > unusual real-time assault, head of research at Finnish data > security > > firm F-Secure told Reuters. > > > > The virus, which the company named "Storm Worm," is sent to > hundreds > > of thousands of e-mail addresses globally, with the > e-mail's subject > > line saying "230 dead as storm batters Europe." > > > > The attached file contains the so-called malware that can > infiltrate > > computer systems. > > > > "What makes this exceptional is the timely nature of the attack," > > Mikko Hypponen, head of research at F-Secure said. > > Hypponen said thousands of computers around the world, most > in private > > use, had been affected. > > > > He said most users would not notice the malware, or trojan, which > > creates a back door to the computer that can be exploited later to > > steal data or to use the computer to post spam > > > > > > > > Regards, > > Dennis Curry > > System Administrator > > SNC-Lavalin GDS > > > > > > > > --- > > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, > > just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.Virus". The archives can be found > > at http://www.mail-archive.com. > > > > > > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. > > --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
