Guest CalamityJane
Posted January 27, 2003

Just got this in an e-mail from Message Labs.

General

The details of the new virus are as follows:

Virus name: W32/Sadhound.A
Number of copies seen so far: 2,704
Date first Captured: 25th Jan 2003
Origin of first intercepted copy: Netherlands
Number of countries seen active: 1
Most active countries: Netherlands

Technical Details

On 25th January 2003, MessageLabs intercepted the first copies of a new virus called W32/Sadhound.A. To date, all of the copies that we have thus far stopped all originated from the same IP address in the Netherlands. Therefore, at this time, we are unsure as to whether this is a seeding of a trojan, broken malware, or a mass-mailer.

Initial analysis suggests this is a dropper-program, depositing a mass-mailer with a backdoor and a mIRC component; however, this has yet to be confirmed.

From the copies that MessageLabs have intercepted, the email may be composed as follows:

Subject: I Miss You

The email body contains the following text:

I Miss You…

Attachment file names include:

Bloods.jpg (11,507) – a picture of a sad-looking bloodhound, hence the name
bgg.jpg (2,680) – a background image
Missingyou.htm .pf.htm – or Missingyou.pif (11,296) since the name and filename are different in the MIME header.

Detection

Skeptic™ detected W32/Sadhound.A heuristically. No MessageLabs customers were affected.
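The alert notes that the attachment's name and filename differ in the MIME header. The following is an added example, not part of the original post or the MessageLabs alert, of a mail-filter check that flags that mismatch. The sample message is constructed, and which header carries which name, along with the extension list, are assumptions.

```python
from email import message_from_string
from email.utils import collapse_rfc2231_value

# Constructed sample message. Which header carries the .htm name and which
# carries the .pif name is an assumption; the alert does not say.
SAMPLE = """\
Subject: I Miss You
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: image/jpeg; name="Bloods.jpg"
Content-Disposition: attachment; filename="Bloods.jpg"

AAAA
--b1
Content-Type: text/html; name="Missingyou.htm"
Content-Disposition: attachment; filename="Missingyou.pif"

AAAA
--b1--
"""

# Illustrative set of extensions Windows runs directly (assumption).
EXECUTABLE_EXTS = {".pif", ".exe", ".scr", ".com", ".bat"}

def _ext(name):
    """Lower-cased final extension, or '' when there is none."""
    dot = name.rfind(".")
    return name[dot:].lower() if dot > 0 else ""

def audit_attachments(raw):
    """Return ([names], [reasons]) for every suspicious leaf MIME part."""
    findings = []
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        name = part.get_param("name")  # from Content-Type
        filename = part.get_param("filename", header="content-disposition")
        names = [collapse_rfc2231_value(n).strip() for n in (name, filename) if n]
        reasons = []
        if len(names) == 2 and names[0].lower() != names[1].lower():
            reasons.append("name/filename mismatch")
        if any(_ext(n) in EXECUTABLE_EXTS for n in names):
            reasons.append("executable extension")
        if reasons:
            findings.append((names, reasons))
    return findings
```

Mail clients differ in which of the two parameters they display and which they use when saving or opening the file, so a filter should evaluate both rather than trusting either one.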