Re: TROJAN: Symantec: New Serious Virus found. (fwd)

From: Kevin Patz (jambo_catat_private)
Date: Wed Jul 16 2003 - 19:20:30 PDT


    
    In-Reply-To: <Pine.LNX.4.53.0307151847580.15628at_private>
    
    Update:  NAV and F-prot detect this sample with 7/16 definitions.  It must 
    be a modified or corrupted sample since the 7/15 defs didn't detect it.  
    NAV detects it as W32.Gruel@mm and F-prot detected it as W32/Fakerr@MM 
    (McAfee calls it that as well).
    
    >Oh, this is interesting.
    >
    >The little beastie claims to come from Symantec.  It's actually from some
    >joker (possibly a victim) in Guatemala.  Even comes with a .exe attachment
    >for those dumb enough to be suckered into believing it's actually from
    >Symantec.
    >
    >The payload has been saved at the following URL:
    >http://www.treachery.net/~jdyson/trojans/Symantec_Norton_Tool.exe
    >
    >Dunno if this qualifies as an "incident," but I'm sure you folks at
    >Symantec would like to know about this...
    
    



    This archive was generated by hypermail 2b30 : Wed Jul 16 2003 - 21:55:59 PDT