North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Worm probes
On Tue, Sep 18, 2001 at 08:48:43AM -0700, Roeland Meyer wrote: > I wonder if ... > > Afghanistan ... taliban .... holy war ...? > > We need to start back-tracing this one, methinks. go for the root cause. send the US military forces out to eliminate microsoft and their weak security. > > |> -----Original Message----- > |> From: [email protected] [mailto:[email protected]] > |> Sent: Tuesday, September 18, 2001 8:30 AM > |> To: Bryan Heitman > |> Cc: [email protected] > |> Subject: Re: Worm probes > |> > |> > |> On Tue, 18 Sep 2001 10:22:06 CDT, Bryan Heitman > |> <[email protected]> said: > |> > > |> > We're also seeing a large increase in this activity. This > |> seems to be more > |> > severe than the first time. Have an additional 30 to 40 > |> meg inbound from > |> > this. > |> > |> This seems to be the culprit: > |> > |> Concept Virus(CV) V.5, Copyright(C)2001 R.P.China > |> > |> I've nailed a copy, and am working on getting it to the > |> right security > |> people. A *PRELIMINARY* (eyeballing the output of 'strings' > |> indicates that > |> this one *both* sends itself via-email a la SirCam, *AND* > |> scans for vulnerable > |> web servers, and if it finds a vulnerable server, it causes > |> anybody visiting > |> that webpage to be offered a contaminated .exe as well. > |> > |> I do *NOT* have a handle on what malicious effects it has > |> other than just > |> propagating. > |> > |> This one's nasty, folks... > |> > |> -- > |> Valdis Kletnieks > |> Operating Systems Analyst > |> Virginia Tech > |> > |> -- [ Jim Mercer [email protected] +1 416 410-5633 ] [ Now with more and longer words for your reading enjoyment. ]
|