Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: European Storm Video E-Mail SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
European Storm Video E-Mail


A new variant of this virus has surfaced over the last 3-4 hours.  This variant is slightly smaller than the original.
MD5 checksums for the files are:
  • cf6c72dfa5a05beb46f21a21cb6d3487  for the original version
  • b9a0d6c8493ad79c2c09137871b95672  for the new variant
(If you have a file that does not match the above two signatures feel free to submit it)

AV products are picking up the original, only some are picking up the variant (that should change over the next few hours).

The subject and file names are changing as well in line with the news headlines of the day.  In addition to the subjects mentioned in Part 1 we have seen:
  • Chinese missile shot down USA aircraft
  • Chinese missile shot down USA satellite
  • Chinese missile shot down Russian satellite
  • Russian missile shot down USA aircraft
  • Russia missile shot down USA satellite
  • Russian missile shot down Chinese aircraft
  • Radical Muslim drinking enemies' blood
  • Sadam Hussein alive!
  • Sadam Hussein safe and sound! 
Many readers have reported that their Anti Spam filters capture the files.  If you are blocking executables, then at the moment things should be fine in your camp.

We'll keep you updated.

ISC Handler On Duty

391 Posts
ISC Handler
Jan 20th 2007

Sign Up for Free or Log In to start participating in the conversation!