Security Incidents mailing list archives
RE: Gokar Worm?
From: "Matthew Reams" <mreams () intelixinc com>
Date: Thu, 13 Dec 2001 13:37:47 -0500
Though I'm sure there'll be millions of replies... http://securityresponse.symantec.com/avcenter/venc/data/w32.gokar.a@mm.h tml
-----Original Message----- From: Jeremy G Byrne [mailto:jeremy () cygnus uwa edu au] Sent: Wednesday, December 12, 2001 11:52 PM To: incidents () securityfocus com Subject: Gokar Worm? Hi All-- Just received a message cleaned by yahoogroups.com of something their NT-based "InterScan E-Mail VirusWall" product calls "WORM_GOKAR.A". The social engineering aspect of the carrier email is quite disturbing:Subject: You just take a giant step, one step higher.[...]Hey They say love is blind ... well, the attachment probably proves it. Pretty good either way though, isn't it ? [PSEUDO NYM](where [PSEUDO NYM] is the name of the person from whose account the email originates--which the worm must somehow be harvesting from extant email). The attachment had been replaced by yahoogroups' filters with the following message:--****** Message from InterScan E-Mail VirusWall NT ****** ** WARNING! Attached file y343rvy343rvy343rv28835589575y343rv.pif contains: WORM_GOKAR.A virus Attempted to clean the file but it is not cleanable. It has been deleted. ***************** End of message ***************--The really odd thing is that I can't find any references to a "Gokar Worm" on google, google's usenet mirror, or on several specialist av sites I've checked. Is this a case of commercial non-disclosure? CYa, JEREMY -------------------------------------------------------------- -------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Gokar Worm? Jeremy G Byrne (Dec 13)
- Re: Gokar Worm? Johannes B. Ullrich (Dec 13)
- Re: Gokar Worm? Nick FitzGerald (Dec 13)
- <Possible follow-ups>
- RE: Gokar Worm? Matthew Reams (Dec 13)