VIRUS Riddled MIRC program?

From: Brian Heathfield (bh01641at_private)
Date: Fri Sep 28 2001 - 07:20:20 PDT


    Following several odd occurrences during and after chat room sessions by
    other chat room members, I have done some log analysis, and found one common
    thread.  The problems were only occurring during sessions when one or more
    members were using a specific IRC program.
    
    I downloaded that program today and started an analysis, but stopped after
    only 5 minutes, as the program had already tried to infect my PC with 7
    viruses, which were various variants of three unique viruses.  I then
    contacted McAfee lab personnel and they confirmed my findings.
    
    I also verified that all the mirror sites had exactly the same copy of this
    encapsulated program, and that the checksums validated correctly.  The
    conclusion from this is that the program that originates from Turkey was
    encapsulated with the viruses already in.  The nature of one of these
    viruses indicates that it may have been a deliberate act.
    
    The program is VirusScript2000, which probably says it all.
    
    Brian
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    


