I got two big boss emails today. Deleted them both. I figure I am the
'Big Boss', so why the h!#l would I send those messages to myself....
: - )
Larry Hoy
> -----Original Message-----
> From: owner-mgs@autox.team.net
> [mailto:owner-mgs@autox.team.net] On Behalf Of Bullwinkle
> Sent: Monday, January 13, 2003 2:06 PM
> To: mgs
> Subject: New virus
>
>
> There appears to be a new strain of Downloader virus goin
> through email. The email virus is being propagated by spoofed
> big@boss.com. Travis has
> blocked mail with that address and we are working to find
> why McAfee isn't
> catching the file when it's opened.
>
> Here are the entrails we have found so far:
>
> Email from big boss with subject of "movie clip", or "here's
> that movie" The attached file is a pif that spawns
> winmgm32.exe and adds a win/run in the registry for itself.
> McAfee is missing all of this activity, but after that, the
> exe (assumption) deploys sysmgmt32.dll at some point to
> system32 which is infected with Downloader-BN Trojan and
> McAfee does pick that up.
>
> So far, we have only have 4 infections.
/// or try http://www.team.net/cgi-bin/majorcool
/// Archives at http://www.team.net/archive
|