Begin forwarded message:
From: Dan Updegrove <[EMAIL PROTECTED]>
Date: August 9, 2004 5:45:51 PM EDT
To: [EMAIL PROTECTED]
Subject: Re: [IP] New Horizons in spam and virii ~ "new price"
Dave,
McAfee identifies "new price" as W32/[EMAIL PROTECTED], a mass-mailing worm, which
- contains its own SMTP engine to construct outgoing messages
- harvests email addresses from the victim machine
- the From: address of messages is spoofed
- attachment is a zip file, which contains an EXE and HTML file
- contains a remote access component (notification is sent to hacker)
- copies itself to folders that have the phrase shar in the name (such as common peer-to-peer applications; KaZaa, Bearshare, Limewire, etc)
Useful write-up at
<http://vil.nai.com/vil/content/v_127423.htm>.
Regards, Dan
At 04:32 PM 8/9/2004, you wrote:
Begin forwarded message:
From: [EMAIL PROTECTED]
Date: August 9, 2004 5:15:43 PM EDT
To: [EMAIL PROTECTED]
Subject: Re: [IP] New Horizons in spam and virii
(P.S. -- I've also gotten several copies of an unidentified virus that says "new price" - the payload has the name price.zip or price2.zip.)
I also got the price.zip file -- it contains two files, one called price.exe and one called price.html. Checked with the folks at CERT and they said they've only had reports on the virus in the last couple of days and they're examining a sample that was sent to them. They're still not sure what it does but said the html file seems to be some sort of javascript that activates the .exe file. Couldn't find anything about it doing a general Google search or a Google search on both the F-Prot and TrendMicro sites.
If anyone has any more info on this particular bit of mischief, I'd be interested to hear it.
VP for Information Technology          Phone (512) 232-9610
The University of Texas at Austin      Fax (512) 232-9607
FAC 248 (Mail code: G9800)             [EMAIL PROTECTED]
P.O. Box 7407                          http://wnt.utexas.edu/~danu/
Austin, TX 78713-7407
Archives at: http://www.interesting-people.org/archives/interesting-people/
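Added example (not part of the original messages, and not McAfee's or CERT's tooling): a mail-filter check for the attachment shape described in this thread, a zip archive holding both an executable and an HTML file. The function names, the extension sets beyond .exe and .html, and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Assumption: only .exe/.html come from the thread; the other extensions are added here.
EXEC_EXT = {".exe", ".scr", ".pif", ".com"}
HTML_EXT = {".html", ".htm"}

def _ext(name):
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""

def flagged_members(data):
    """Return sorted member names if the zip holds both an executable and an HTML file."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()  # names only; nothing is extracted or executed
    except zipfile.BadZipFile:
        return []
    exts = {_ext(n) for n in names}
    return sorted(names) if exts & EXEC_EXT and exts & HTML_EXT else []

def scan_message(raw):
    """Map attachment filename -> flagged zip members for one raw RFC 822 message."""
    hits = {}
    for part in message_from_bytes(raw).walk():
        fname = part.get_filename()
        if not fname:
            continue
        payload = part.get_payload(decode=True) or b""
        if not payload.startswith(b"PK"):  # trust the zip magic, not the file name
            continue
        members = flagged_members(payload)
        if members:
            hits[fname] = members
    return hits

def build_sample(members):
    """Constructed test message: a zip of placeholder files attached as price.zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in members:
            zf.writestr(name, b"placeholder")
    m = EmailMessage()
    m["Subject"] = "new price"
    m.set_content("constructed sample body")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="zip", filename="price.zip")
    return m.as_bytes()
```

A hit here is a reason to quarantine the message for analysis, not a verdict; the From: address on such mail is spoofed, so it says nothing about who is infected.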
