Educause Security Discussion mailing list archives

Re: Skype (was password stealer)


From: Brad Judy <win-hied () BRADJUDY COM>
Date: Tue, 7 Jul 2009 11:55:28 -0400

Skype put together a security webpage specifically targeted at universities
a while back (when supernode discussions were a big topic).



http://www.skype.com/security/universities/



They also have a security blog, but it's mostly about vulnerabilities and
Skype-related phishing/malware.



http://share.skype.com/sites/security/



Brad Judy





From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Leon DuPree
Sent: Tuesday, July 07, 2009 10:53 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] ET TROJAN Generic Password Stealer User Agent
Detected (RookIE)



Anyone have any feedback on Skype Security for a University?





Leon DuPree



University of Michigan

LSA Intern

On Mon, Jul 6, 2009 at 5:53 PM, Gary Warner <gar () cis uab edu> wrote:

That's a video game password stealer:

http://www.virustotal.com/analisis/8a8e255862ecab9d0943970e7d564f6c879a4acf4e386adfb44437e777016b07-1243403990

During the month of June 2009, we actually have 493 unique MD5s in our
database that show up as some version of Magania, but none of them are the
MD5 that you mentioned.

The name comes from the fact that the trojan specifically steals passwords
from "Gamania" (which is a bilingual pun on the words "Gaming orange" and
"Game Mania") specifically from their top MMORPG, Lineage Online.

We've seen it spread as an executable attachment, and also as a drive-by
downloader.


--

----------------------------------------------------------

Gary Warner
Director of Research in Computer Forensics
The University of Alabama at Birmingham
205.934.8620             205.422.2113
gar () cis uab edu        gar () askgar com

-----------------------------------------------------------

----- Original Message -----
From: "Russell Fulton" <r.fulton () AUCKLAND AC NZ>
To: SECURITY () LISTSERV EDUCAUSE EDU
Sent: Sunday, June 21, 2009 4:01:16 PM GMT -06:00 US/Canada Central
Subject: [SECURITY] ET TROJAN Generic Password Stealer User Agent Detected
(RookIE)

We are getting lots of machines with hits on this, particularly
student laptops on the wireless network.  I managed to track down this
reference:

http://www.threatexpert.com/report.aspx?md5=c3c72f77f53bb50deec784c89f7c8f62


Does anyone know any more about this threat?

Russell.



