North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Worm probes
On Tue, 18 Sep 2001 10:22:06 CDT, Bryan Heitman <[email protected]> said: > > We're also seeing a large increase in this activity. This seems to be more > severe than the first time. Have an additional 30 to 40 meg inbound from > this. This seems to be the culprit: Concept Virus(CV) V.5, Copyright(C)2001 R.P.China I've nailed a copy, and am working on getting it to the right security people. A *PRELIMINARY* (eyeballing the output of 'strings' indicates that this one *both* sends itself via-email a la SirCam, *AND* scans for vulnerable web servers, and if it finds a vulnerable server, it causes anybody visiting that webpage to be offered a contaminated .exe as well. I do *NOT* have a handle on what malicious effects it has other than just propagating. This one's nasty, folks... -- Valdis Kletnieks Operating Systems Analyst Virginia Tech Attachment:
pgp00014.pgp
|