Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: "Yay" Malware
From: RL Vaughn <Randy_Vaughn () BAYLOR EDU>
Date: Fri, 12 Jan 2007 17:41:55 -0600

TCP SYN packets to 88.80.5.21:80



David Taylor wrote:
Does anyone know what kind of 'outgoing traffic' this is?



From: Tim Lane [mailto:tlane () SCU EDU AU]
Sent: Thursday, January 11, 2007 8:26 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] "Yay" Malware



Hi All,

has anyone seen (for want of a better term) the Yay Malware.  We are seeing
a small window with the word "yay" in it appear on the desktop with a lot of
outgoing traffic.  A search on Google cites quite a few people seeing this
in the last 24 hours but no resolution.

We have tried to remove it with:

Symantec AV
Adaware
Spybot S&D
Defender
XoftSpySE
MSRT

Seems like it may be very new and the AV vendors have not caught on yet....

If anyone has seen it and mitigated it I would be interested to hear.

Thanks,

Tim


Tim Lane
Information Security Program Manager

Information Technology and Telecommunication Services
Southern Cross University
PO Box 157 Lismore NSW 2480

(02 6620 3290   7             02 6620 3033   - tlane () scu edu au
8  <http://www.scu.edu.au> http://www.scu.edu.au



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault