Threat Level: green Handler on Duty: Russ McRee

SANS ISC: MS06-040 wgareg / wgavm update - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MS06-040 wgareg / wgavm update
We have received samples and infection reports from several sources. It looks like there are so far two different binaries involved:

9928a1e6601cf00d0b7826d13fb556f0  wgareg.exe
2bf2a4f0bdac42f4d6f8a062a7206797  wgavm.exe

The former, wgareg.exe, apparently shows up simply as ".exe" (blank-dot-exe) on infected systems and only later gets renamed or copied to wgareg.exe.  AV protection is slowly coming online, here's a few of the names chosen:
Symantec - W32.Wargbot - not yet in the current pattern
TrendMicro - Worm.IRCBOT.JK and JL - protection available
McAfee - IRC.Mocbot - protection as extra.dat available
F-Secure - IRCBOT-ST - protection available

We'll update this post as more information becomes available.




Daniel

367 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!