oops,
anyway, here it is again,
http://www.datarescue.com/fprot/virinfo/nimda.htm
(is it 'related' ? )
----- Original Message -----
From: "dlci_16"
To:
Sent: Tuesday, September 18, 2001 9:11 PM
Subject: Re: Worm probes [7:20289]
> ----- Original Message -----
> From: "Leigh Anne Chisholm"
> To:
> Sent: Tuesday, September 18, 2001 5:03 PM
> Subject: FW: Worm probes [7:20289]
>
>
> > A la Chuck style, I'm forwarding this for those of you that don't follow
> the
> > NANOG newsgroup...
> >
> >
> > -- Leigh Anne
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > [EMAIL PROTECTED]
> > Sent: Tuesday, September 18, 2001 9:30 AM
> > To: Bryan Heitman
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: Worm probes
> >
> >
> > On Tue, 18 Sep 2001 10:22:06 CDT, Bryan Heitman
> > said:
> > >
> > > We're also seeing a large increase in this activity. This seems to be
> > more
> > > severe than the first time. Have an additional 30 to 40 meg inbound
> from
> > > this.
> >
> > This seems to be the culprit:
> >
> > Concept Virus(CV) V.5, Copyright(C)2001 R.P.China
> >
> > I've nailed a copy, and am working on getting it to the right security
> > people. A *PRELIMINARY* (eyeballing the output of 'strings' indicates
> that
> > this one *both* sends itself via-email a la SirCam, *AND* scans for
> > vulnerable
> > web servers, and if it finds a vulnerable server, it causes anybody
> visiting
> > that webpage to be offered a contaminated .exe as well.
> >
> > I do *NOT* have a handle on what malicious effects it has other than
just
> > propagating.
> >
> > This one's nasty, folks...
> >
> > --
> > Valdis Kletnieks
> > Operating Systems Analyst
> > Virginia Tech
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=20325&t=20289
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
