[iwar] [fc:VirusScript2000.screwing.up.IRC...]

From: Fred Cohen (fc@all.net)
Date: 2001-09-28 13:20:44


To: iwar@onelist.com (Information Warfare Mailing List)

Following several odd occurrences during and after chat room sessions by
other chat room members, I have done some log analysis, and found one
common thread.  The problems were only occurring during sessions when
one or more members were using a specific IRC program. 

I downloaded that program today and started an analysis, but stopped
after only 5 minutes, as the program had already tried to infect my PC
with 7 viruses, which were various variants of three unique viruses.  I
then contacted McAfee lab personnel and they confirmed my findings. 

I also verified that all the mirror sites had exactly the same copy of
this encapsulated program, and that the checksums validated correctly. 
The conclusion from this is that the program that originates from Turkey
was encapsulated with the viruses already in.  The nature of one of
these viruses indicates that it may have been a deliberate act. 

The program is VirusScript2000, which probably says it all. 

Brian




This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:51 PDT