FW: Worm probes [7:20289]

2001-09-18 Thread Leigh Anne Chisholm

A la Chuck style, I'm forwarding this for those of you that don't follow the
NANOG newsgroup...


  -- Leigh Anne

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, September 18, 2001 9:30 AM
To: Bryan Heitman
Cc: [EMAIL PROTECTED]
Subject: Re: Worm probes


On Tue, 18 Sep 2001 10:22:06 CDT, Bryan Heitman said:

> We're also seeing a large increase in this activity.  This seems to be more
> severe than the first time.  Have an additional 30 to 40 meg inbound from
> this.

This seems to be the culprit:

Concept Virus(CV) V.5, Copyright(C)2001  R.P.China

I've nailed a copy, and am working on getting it to the right security
people.  A *PRELIMINARY* (eyeballing the output of 'strings') indicates that
this one *both* sends itself via email a la SirCam, *AND* scans for
vulnerable web servers, and if it finds a vulnerable server, it causes
anybody visiting that webpage to be offered a contaminated .exe as well.

I do *NOT* have a handle on what malicious effects it has other than just
propagating.

This one's nasty, folks...

--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=20289t=20289
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
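
The kind of first-pass 'strings' triage described in the forwarded message, as an added example that is not part of the original thread: it pulls ASCII and UTF-16LE printable runs out of a binary and groups the ones that hint at mail-sending or web-scanning code. Only the banner string comes from the message; the keyword groups and the sample bytes are constructed assumptions for illustration.

```python
import re

# Banner quoted in the forwarded message; everything else below is constructed.
BANNER = b"Concept Virus(CV) V.5, Copyright(C)2001  R.P.China"

# Hypothetical keyword groups an analyst might scan strings output for.
INDICATORS = {
    "banner": [BANNER],
    "smtp": [b"MAIL FROM:", b"RCPT TO:", b"HELO "],
    "http": [b"GET /", b"HTTP/1."],
}

def extract_strings(data: bytes, min_len: int = 4):
    """Yield (offset, text) for printable ASCII and UTF-16LE runs, like strings(1)."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    for m in ascii_re.finditer(data):
        yield m.start(), m.group().decode("ascii")
    # Windows binaries often store text as UTF-16LE, which a plain ASCII
    # pass misses because every character is followed by a NUL byte.
    for m in wide_re.finditer(data):
        yield m.start(), m.group().decode("utf-16-le")

def triage(data: bytes):
    """Map each indicator group to the (offset, string) hits that contain it."""
    hits = {name: [] for name in INDICATORS}
    for offset, text in extract_strings(data):
        for name, needles in INDICATORS.items():
            if any(n.decode("ascii") in text for n in needles):
                hits[name].append((offset, text))
    return hits

# Constructed sample: a fake header, the banner, two SMTP verbs in ASCII
# and an HTTP request line stored as UTF-16LE, separated by binary bytes.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 12
    + BANNER + b"\x00\x01"
    + b"HELO \x00\x01MAIL FROM: <\x00\x01"
    + "GET / HTTP/1.0".encode("utf-16-le")
    + b"\x00\x00\x01abc\x00"
)

if __name__ == "__main__":
    for group, found in triage(SAMPLE).items():
        for offset, text in found:
            print(f"{group:6} 0x{offset:04x}  {text!r}")
```

Hits like these say only that the strings are present in the file, not that the code paths run, which matches the "preliminary" caveat in the message.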



Re: Worm probes [7:20289]

2001-09-18 Thread dlci_16


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=20314t=20289



Re: Worm probes [7:20289]

2001-09-18 Thread dlci_16

oops,
anyway, here it is again,
http://www.datarescue.com/fprot/virinfo/nimda.htm
(is it 'related'?)



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=20325t=20289