Ok, thanks to Doug and Ken for sending me a sample. This thing simply installs a Trojan (MBAM calls it "Trojan.Agent.VBS") and then connects to server(s) to download additional Malware, if the user opens it, enters the password (and has a version of Word that recognizes it) and then enables macros. I'd like to think that series of events is unlikely, but I know better.
Some IPs I saw this system connected to on my firewall. Some of these may be legit and not malware related (this is a re-imaged system and Office was trying to activate).

23.35.18.164 8.253.32.142 184.51.112.8 184.51.112.154 13.107.4.50 184.51.112.8 134.170.53.30 23.96.212.225 191.237.218.239 23.96.212.225

I haven't seen this thing hitting my mail server yet.

- Bob