
SANS ISC InfoSec Handlers Diary Blog



Forgery FBI email / Virus W32.Bugbros / New PoC for Linux Vulnerability

Published: 2004-01-07
Last Updated: 2004-01-07 21:43:05 UTC
by Pedro Bueno (Version: 1)

Forged FBI email circulating

A forged email claiming to be from the FBI, with the Subject: "Your IP was
logged", is circulating with malware attached. The
email tries to intimidate the user by saying that the
machine was scanned by the FBI and that illegal content
was found. It then tries to induce the user to open
the attachment to see what illegal content was found.

Reference:

http://www.theage.com.au/articles/2004/01/06/1073268005348.html

Virus W32.Bugbros

Yesterday, a user sent a message to the Handlers saying
that MS had told her that she had the Blaster worm on her computer
( http://isc.sans.org/diary.html?date=2004-01-06 ). A virus
with a very similar message has been discovered. It is called
W32.Bugbros according to Symantec. It sends itself with the
body:

"Hi,
I have send you the needed informations for the new worm-
backdoor discovered.
The Backdoor is called W32.Bug.Gear.A You can run the
attachment to avoide getting
hacked by closing the backdoor."

Reference - Thanks to Scott Fendley:

http://www.sarc.com/avcenter/venc/data/w32.bugbros@mm.html

New PoC code for Linux vulnerability

PoC code for testing the Linux do_mremap() vulnerability (affecting kernel 2.4.x and 2.6.x) was released today. Apparently it checks for the vulnerability
without causing harm. It is time to patch the Linux kernel again.
Check your Linux distribution's site for upgrades.
------------------------------------------------------------

Handler on duty: Pedro Bueno