DShield; Cooperative Network Security Community

Newsfeed
(click to hide)

about this feed

Last 10

SANS Newsbites

Six of Seven AV Programs Tested Did Not Detect Aurora Attack Variants (March 11, 2010)
FBI: Cost of Reported Cybercrime in 2009 Was US 0 Million (March 12 & 15, 2010)

SANS @Risk

10.11.28 ASPCode CMS "default.asp" Multiple Cross-Site Scripting Vulnerabilities
10.11.29 eGroupware Cross-Site Scripting and Remote Command Execution Vulnerabilities

SANS Reading Room

ISC and Handler Twitter accounts

Today´s Diary

If you have more information or corrections regarding our diary, please share.

Trojan outbreak on a College Campus

Share |

Published: 2010-03-17,
Last Updated: 2010-03-17 18:34:37 UTC
by Deborah Hale (Version: 1)

0 comment(s)

One of our readers just advised us that the college that he is associated with has had a major outbreak of Trojan.Win32.Scar.bwgf (Kaspersky). Michael reported:

"We are now in major clean up mode. All the file servers have been removed from the network to prevent further spread.

Basically the virus hides all the files in a directory and the directory itself. It then adds a file of 74K with the same name as the file with a .exe. So a user wishing to open
their word document would actually be infecting themselves with the virus."

Michael asked if we had received any other reports of infection from this Trojan. A quick look on Google it appears that some variation of this has been around for a while.
It looks like his campus may be dealing with an updated version.

If anyone else is seeing any activity for this Trojan give us a shout. Thanks Michael for reporting this to us.

Deb Hale Long Lines, LLC

Keywords: Trojan Scar

0 comment(s)

If you have more information or corrections regarding our diary, click here to contact us.

Diary Archive

Date	Author	Title
2010-03-17	Deborah Hale	Trojan outbreak on a College Campus
2010-03-16	Lenny Zeltser	Trouble Ticket Express Exploit in the Wild a Day After the Vulnerability Announcement
2010-03-16	Lenny Zeltser	Internet Explorer 9 "Platform Preview" Now Available From Microsoft
2010-03-15	Adrien de Beaupre	Spamassassin Milter Plugin Remote Root Attack
2010-03-14	Marcus Sachs	DST Issue in Windows 7 Ultimate?
2010-03-13	Marcus Sachs	Evil Sports Sites
2010-03-11	donald smith	Cert write up on Skype IMBot Logic and Functionality.
2010-03-11	donald smith	Interesting SKYPE SPIM.
2010-03-10	Rob VandenBrink	What's My Firewall Telling Me? (Part 4)
2010-03-10	Rob VandenBrink	Microsoft Security Advisory 981374 - Remote Code Execution Vulnerability for IE6 and IE7

Complete Archive
Search Diaries:

Latest Reading Room Papers

IOSTrojan: Who really owns your router?
Effective Use Case Modeling for Security Information & Event Management
Penetration Testing in the Financial Services Industry
Identifying Load Balancers in Penetration Testing
IT Guidance to the Legal Team

IOSTrojan: Who really owns your router?

Effective Use Case Modeling for Security Information & Event Management

Penetration Testing in the Financial Services Industry

Identifying Load Balancers in Penetration Testing

IT Guidance to the Legal Team