SANS ISC: InfoSec Handlers Diary Blog - SANS Internet Storm Center InfoSec Handlers Diary Blog

New Viruses This Week; Possible Decrease in Phishing emails; This Handler's observation

Published: 2005-02-26
Last Updated: 2005-02-26 16:20:26 UTC
by Deborah Hale (Version: 1)

New Viruses This Week

This has been a record week for new virus discovery - at least for me. We yet again saw an infiltration of new activity at one location here in our local area. Upon investigation we found 3 new files that had characteristics similar to other Spybot worms that have been detected. Upon scan with Symantec Enterprise Edition v9 with current definitions nothing was detected. However running them through they were detected by a small number (2 or 3) as some form of worm. I submitted the files to Symantec for evaluation and have received no information back from them so apparently they have not yet had a chance to analyze them.

The really scary one was an executable file with the name veritas. At first glance we thought nothing of this because we do indeed use Veritas software. However, we quickly realized that no Veritas software had ever been installed or used on this particular workstation. These types of filenames are making it easier and easier for people to be deceived and tricked into missing an infection.

In looking at today's list on Symantec's web site, in the last week there have been 24 new entries that are rated as a Level 2. In the last month there have been close to 100 new entries with the majority being Level 2 and one of them being Level 3.

Of course, a lot of them are remakes of old players such as Mydoom and Spybot; however, it doesn't minimize the impact of the damage that can be done.

Interestingly enough, the location that had the yet-to-be-identified files on their computers also had, as we discovered this week, an active SubSeven server (on a workstation) loaded with "questionable photographic images" (if you get my drift) and zip files of some popular games.

We are continuing our investigation of this and will share any info with you that can be shared. Stay tuned.

Possible Decrease in Phishing Emails

It seems that there has been a holiday taken by the Phisher Friends. I have seen a rapid decrease in the number of phishing type emails that I have received in the last 2 weeks (only one this week). Others have indicated that they are seeing the same thing. Gotta make you wonder what they are up to now.

Let us know if you too have seen a change in your inbox.

This Handler's Observation

With the decrease in phishing type emails, I have seen a marked increase in emails that appear to come from my email address (however with varying names) to my email address. I have a spam filtering service that is usually pretty good at stopping junk before it gets to me. However, this week they haven't been so successful, so consequently my inbox is full of junk mail trying to sell me Cialis and other drugs, software (Microsoft/Adobe, etc.) at unbelievably low prices, and a "well earned new Low Interest Rate Mortgage with No Credit Check Needed".

Oh for the day when these things were in my Postal Mailbox and THEY were paying for them. Nostalgia, wonderful nostalgia.

Hopefully this weekend will continue to be a quiet one so that I and my fellow Internet Storm Center Volunteers can enjoy the quiet. If not, we will be here to hopefully "Slow the Flow".

Stay Tuned.

Deb Hale

Handler on Duty
