Following up on Bojan's story from Wednesday, F-Secure posted a bulletin today with their analysis of the current variant. The interesting (or is it scary?) part of this analysis is the revelation that on the 3rd of the month it will attempt to delete a lot of documents off the user's disks, including Office documents (*.doc, *.xls, *.ppt, *.pps), PDF files, .zip and .rar archives among others. They also report that based on a counter on a web page that the worm updates, there are in excess of 400,000 machines infected at this time.
Jim Clausing, jclausing /at/ isc.sans.org
I will be teaching next: Reverse-Engineering Malware: Malware Analysis Tools and Techniques - Live Online
Jan 20th 2006
1 decade ago