Quote: Originally Posted by Lemur
Quote: Originally Posted by dranfu
Looks like this thing may be trying to create a botnet, too. It just keeps getting better 'Here You Have' Email
I just sent my network admin a heads up. Not that universities have anything to worry about...
Lol. Oh, no. The universities will definitely be safe
Macafee has made a stinger (stand alone virus scanner) version just for the virus, if you want to run it on your network: http://vil.nai.com/vil/vbm/stinger.exe
Also, definately check out the threat reports from ThreatExpert - Automated Threat Analysis
. They have a bunch of behavior reports (reg keys created/modified, file manipulated, etc.) on the virus.
For example there are, of course, a bunch of image execution entries for svchost, so that when svchost is ran, some malware also gets ran. Example
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\00hoeav.com]
Debugger = "%Windir%\svchost.exe"
All I know is that tomorrow is going to be a hell of a day.