VIRUS Riddled MIRC program?

["Brian Heathfield" <bh01641 () terra es>]

Following several odd occurrences during and after chat room sessions by
other chat room members, I have done some log analysis, and found one common
thread.  The problems were only occurring during sessions when one or more
members were using a specific IRC program.

I downloaded that program today and started an analysis, but stopped after
only 5 minutes, as the program had already tried to infect my PC with 7
viruses, which were various variants of three unique viruses.  I then
contacted McAfee lab personnel and they confirmed my findings.

I also verified that all the mirror sites had exactly the same copy of this
encapsulated program, and that the checksums validated correctly.  The
conclusion from this is that the program that originates from Turkey was
encapsulated with the viruses already in.  The nature of one of these
viruses indicates that it may have been a deliberate act.

The program is VirusScript2000, which probably says it all.

Brian



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com