A la Chuck style, I'm forwarding this for those of you that don't follow the
NANOG newsgroup...
-- Leigh Anne
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, September 18, 2001 9:30 AM
To: Bryan Heitman
Cc: [EMAIL PROTECTED]
Subject: Re: Worm probes
On Tue, 18 Sep 2001 10:22:06 CDT, Bryan Heitman
said:
>
> We're also seeing a large increase in this activity. This seems to be
more
> severe than the first time. Have an additional 30 to 40 meg inbound from
> this.
This seems to be the culprit:
Concept Virus(CV) V.5, Copyright(C)2001 R.P.China
I've nailed a copy, and am working on getting it to the right security
people. A *PRELIMINARY* (eyeballing the output of 'strings' indicates that
this one *both* sends itself via-email a la SirCam, *AND* scans for
vulnerable
web servers, and if it finds a vulnerable server, it causes anybody visiting
that webpage to be offered a contaminated .exe as well.
I do *NOT* have a handle on what malicious effects it has other than just
propagating.
This one's nasty, folks...
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=20289&t=20289
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
