Hi All--
Just received a message cleaned by yahoogroups.com of
something their NT-based "InterScan E-Mail VirusWall"
product calls "WORM_GOKAR.A". The social engineering
aspect of the carrier email is quite disturbing:
>Subject: You just take a giant step, one step higher.
[...]
>Hey
>They say love is blind ... well, the attachment probably
>proves it. Pretty good either way though, isn't it ?
>[PSEUDO NYM]
(where [PSEUDO NYM] is the name of the person from whose
account the email originates--which the worm must somehow
be harvesting from extant email).
The attachment had been replaced by yahoogroups' filters
with the following message:
>--
****** Message from InterScan E-Mail VirusWall NT ******
** WARNING! Attached file y343rvy343rvy343rv28835589575y343rv.pif contains:
WORM_GOKAR.A virus
Attempted to clean the file but it is not cleanable.
It has been deleted.
***************** End of message ***************
>--
The really odd thing is that I can't find any references
to a "Gokar Worm" on Google, Google's Usenet mirror, or
on several specialist AV sites I've checked. Is this a
case of commercial non-disclosure?
CYa,
JEREMY
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
This archive was generated by hypermail 2b30 : Thu Dec 13 2001 - 10:36:11 PST