New Virus?

I just received an email that looks fairly legit at first glance. It states
that a rape occurred on campus (being that I work at a university this makes sense) and that attached you will find an image of
the suspect as captured from campus CCTV. The attached file (suspect
image.exe) very well may be a virus (I'm sure as heck not going to run it to
find out). My university's ClamAV did not pick it up nor did NAV10 with dats
dated yesterday.

I am not able to pull much useful information from the exe via the unix
strings command or IDA Pro. If anyone has any more experience than I do
with virus disassembly I would be happy to forward the IDA Pro file.

What I am able to pull from IDA's hex view is some registry writing, file
deletion, file creation and process manipulation, but no details.

The contents of the email are attached below; you may want to warn your
users on this (although I'm not sure how prevalent it is yet).

—————————

Return-path:
X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on
sys21.mail.msu.edu
X-Spam-Level: *
X-Spam-Status: No, score=1.7 required=5.0 tests=DATE_IN_FUTURE_06_12,
MIME_BOUND_NEXTPART autolearn=disabled version=3.1.0
Envelope-to: XXXXXXX@msu.edu
Delivery-date: Fri, 27 Jan 2006 12:00:45 -0500
Received: from client-82-19-18-185.mant.adsl.ntlworld.com ([82.19.18.185]
helo=southern.edu)
by sys21.mail.msu.edu with smtp (Exim 4.52 #1)
id 1F2WxA-00089q-69
for XXXXXXX@msu.edu; Fri, 27 Jan 2006 12:00:45 -0500
From: "Mr Robert Atkins"
To:
Subject: Rape on Campus
Date: Fri, 27 Jan 2006 17:00:03 -0800
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_8735D9CD401142400612F4268"
X-Priority: 3
X-Virus: None found by Clam AV

Hello,

During the early morning of January 25 2006, a campus student was the victim
of a horrific sexual assault within college grounds. Eyewitnesses report a
tall black man in grey pants running away from the scene. Campus CCTV has
caught this man on camera and are looking for ways to identify him. If
anyone recognises the attached picture could they inform administraion
immediatly

Regards,

Robert Atkins
Campus Administration

All information contained within this e-mail, including any attachment, is
confidential. If you have received this e-mail in error, please delete it
immediately. Do not use, disclose or spread the information in any way and
notify the sender immediately. Any views and opinions expressed in this
e-mail may not represent those of Business Monthly
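
The three things that stand out in the message above (an executable attachment presented as a picture, a HELO name that does not match the connecting host, and a Date header hours ahead of delivery) can be checked mechanically even when the scanners return nothing. This is an added example, not part of the original post; the `triage` function, the extension list, the 6-hour threshold and the constructed sample message (placeholder boundary and attachment body) are assumptions.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")  # assumed list

# Constructed sample built from the headers quoted above; body is a placeholder.
SAMPLE = """\
Delivery-date: Fri, 27 Jan 2006 12:00:45 -0500
Received: from client-82-19-18-185.mant.adsl.ntlworld.com ([82.19.18.185]
 helo=southern.edu)
 by sys21.mail.msu.edu with smtp (Exim 4.52 #1)
Date: Fri, 27 Jan 2006 17:00:03 -0800
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

If anyone recognises the attached picture ...
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="suspect image.exe"

placeholder
--b1--
"""

def triage(raw, max_skew_hours=6):
    msg = message_from_string(raw)
    findings = []
    for part in msg.walk():
        name = part.get_filename() or ""
        if name.lower().endswith(RISKY_EXT):
            findings.append("executable attachment: " + name)
    # Topmost Received is written by our own server: from <rDNS> ([ip] helo=<claimed>)
    received = " ".join((msg.get("Received") or "").split())
    m = re.search(r"from (\S+) \(\[[\d.]+\] helo=([^\s)]+)", received)
    if m:
        host, helo = m.group(1).lower(), m.group(2).lower()
        if host != helo and not host.endswith("." + helo):
            findings.append(f"HELO {helo} does not match host {host}")
    sent, got = msg.get("Date"), msg.get("Delivery-date")
    if sent and got:
        skew = parsedate_to_datetime(sent) - parsedate_to_datetime(got)
        hours = skew.total_seconds() / 3600
        if abs(hours) > max_skew_hours:
            findings.append(f"Date header is {hours:+.1f} h from delivery")
    return findings

print("\n".join(triage(SAMPLE)))
```

None of these checks depends on a signature, so they still fire on a sample that the antivirus definitions do not yet cover.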

Clustering with Rocks

I am in the process of setting up my first Rocks cluster and have
encountered a problem that I can't figure out.

I have my front end set up and am attempting to kickstart my first computing
node. I run install-ethers on my head, boot the first node from the rocks
dvd and wait. The head shows the correct MAC attaching and then displays
404 as the status. Looking at the node I see the error stating…

https://10.1.1.1///install/sbin/public/kickstart.cgi?arch=x86_64&np=4&project=rocks

Ftp IE Error

I checked /var/www/html and see no install or sbin. I found the files it is
looking for in /states/partition1/home/install/sbin so I symlinked it,
adjusted the httpd.conf accordingly, and still no love.

Even if it worked as I expected I still can't account for the extra two
front slashes after the ip.

CISSP

I received an email the other day from ISC2 informing me that I had successfully passed the CISSP (Certified Information Systems Security Professional) exam.

This was a gigantic load off my mind. Me and 60 other candidates took the exam December 10th in Troy, MI. I finished in 4 and a half hours and left thinking that it covered far more material than I had studied. I had always heard that some of the material was dated and that ISC2 didn't keep the test updated with recent and relevant technologies. I think these people literally took a different test than I did. Some of the questions were worded and formatted unlike any that I had seen in all of the practice tests including Transcender and Boson. I think this is a brand new test.

If you keep to studying the 10 domains as they have been presented in the past and also keep a close eye on tech news you should do just fine.

It seems like they have found a way to test more on accumulated knowledge instead of a bunch of drab memorization that is common in a lot of vendor certs.