
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2005-09-28



AOL Chat Viruses; Handler Tom Liston on CNN Tonight

Published: 2005-09-28
Last Updated: 2005-09-28 21:49:03 UTC
by Chris Carboni (Version: 3)

AOL Chat Viruses


We have a report that a new virus may be making the rounds, distributed via AOL chat.

Details are sketchy so far, but we have the following thanks to Alan and Chris.

McAfee deletes the virus, but every time the user logs off and back on to the system the batch file is regenerated.

User gets a chat via AOL

       "Checkout this JPEG" with a link

After the link is clicked, the worm sends the same message to everyone on the user's buddy list and creates the file

       C:\xz.bat

               Contents of the file: commands that disable Microsoft security features and the firewall

Creates three registry entries, one of which is a service entry:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

               Name: Strtax    Data: lock.exe  (Delete)

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

       Name: Strtax    Data: lock.exe  (Delete)

HKEY_USER\Software\Microsoft\Windows\CurrentVersion\RunServices

       Name: Strtax    Data: lock.exe  (Delete)

After deleting those three entries and rebooting, the xz.bat file stopped trying to reload itself.
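As an added illustration (not from the diary or its contributors), the script below turns the cleanup steps above into a check that an administrator can run on a suspect machine: it looks for the "Strtax" autorun value in the three locations listed and for the C:\xz.bat dropper, reports what it finds, and only removes them when run with -Remove. It assumes the diary's "Hkey_User" path refers to the current user's hive (HKCU); that mapping, the switch name and the report format are the example's own choices.

```powershell
# Added example: detect (and optionally remove) the Strtax/lock.exe persistence
# entries and the C:\xz.bat dropper described in the diary. Report-only by default.
param([switch]$Remove)

$valueName    = 'Strtax'
$expectedData = 'lock.exe'
$dropper      = 'C:\xz.bat'
# Locations from the diary; HKCU stands in for the diary's "Hkey_User" (assumption).
$keys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunServices'
)

$findings = @()
foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }
    # Look the value up by name; a missing value yields $null rather than an error.
    $prop = $item.PSObject.Properties[$valueName]
    if ($null -ne $prop) {
        $findings += [pscustomobject]@{
            Location = $key
            Name     = $valueName
            Data     = $prop.Value
            Matches  = ($prop.Value -like "*$expectedData*")   # data as reported in the diary?
        }
    }
}
if (Test-Path $dropper) {
    $findings += [pscustomobject]@{ Location = 'FILE'; Name = $dropper
                                    Data = (Get-Item $dropper).Length; Matches = $true }
}

if ($findings.Count -eq 0) { Write-Host "No Strtax/lock.exe persistence found."; exit 0 }
$findings | Format-Table -AutoSize

if ($Remove) {
    foreach ($f in $findings) {
        if ($f.Location -eq 'FILE') { Remove-Item -Path $f.Name -Force }
        else { Remove-ItemProperty -Path $f.Location -Name $f.Name }
    }
    Write-Host "Entries removed. Reboot, then re-run to confirm $dropper does not reappear."
}
```

Run it once without -Remove to see what is present, then again with -Remove after the reboot described above to confirm nothing has regenerated.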

We have plenty of copies now, thanks!

UPDATE:
The virus seems to be an SDBot variant that McAfee and Norton (at least) detect.

We also received another sample that McAfee detects as W32/Opanki.worm.

See http://vil.nai.com/vil/content/v_133397.htm for more details.


Tom Liston on CNN Tonight

Set your DVRs and VCRs...

The lead story of tonight's 'Paula Zahn Now' show on CNN (20:00 EST, 02:00 GMT - check your local cable or satellite provider for listings) will feature handler Tom Liston and his work on exposing phoney web sites soliciting money for hurricane relief.

Let's hear it for Tom 'Prime Time' Liston!



