North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Worm probes

  • From: Jim Mercer
  • Date: Tue Sep 18 19:01:13 2001

On Tue, Sep 18, 2001 at 08:48:43AM -0700, Roeland Meyer wrote:
> I wonder if ...
> 
> Afghanistan ... taliban .... holy war ...?
> 
> We need to start back-tracing this one, methinks.

go for the root cause.

send the US military forces out to eliminate microsoft and
their weak security.

> 
> |> -----Original Message-----
> |> From: [email protected] [mailto:[email protected]]
> |> Sent: Tuesday, September 18, 2001 8:30 AM
> |> To: Bryan Heitman
> |> Cc: [email protected]
> |> Subject: Re: Worm probes 
> |> 
> |> 
> |> On Tue, 18 Sep 2001 10:22:06 CDT, Bryan Heitman 
> |> <[email protected]>  said:
> |> > 
> |> > We're also seeing a large increase in this activity.  This 
> |> seems to be more
> |> > severe than the first time.  Have an additional 30 to 40 
> |> meg inbound from
> |> > this.
> |> 
> |> This seems to be the culprit:
> |> 
> |> Concept Virus(CV) V.5, Copyright(C)2001  R.P.China
> |> 
> |> I've nailed a copy, and am working on getting it to the 
> |> right security
> |> people.  A *PRELIMINARY* (eyeballing the output of 'strings' 
> |> indicates that
> |> this one *both* sends itself via-email a la SirCam, *AND* 
> |> scans for vulnerable
> |> web servers, and if it finds a vulnerable server, it causes 
> |> anybody visiting
> |> that webpage to be offered a contaminated .exe as well.
> |> 
> |> I do *NOT* have a handle on what malicious effects it has 
> |> other than just
> |> propagating.
> |> 
> |> This one's nasty, folks...
> |> 
> |> -- 
> |> 				Valdis Kletnieks
> |> 				Operating Systems Analyst
> |> 				Virginia Tech
> |> 
> |> 

-- 
[ Jim Mercer        [email protected]         +1 416 410-5633 ]
[ Now with more and longer words for your reading enjoyment. ]