Home page logo

nanog logo nanog mailing list archives

Re: Worm probes
From: Jared Mauch <jared () puck Nether net>
Date: Tue, 18 Sep 2001 12:46:41 -0400

        I just got an e-mail with

 Subject: Central Command News for 09/14/2001 (Virus Update Notification)

        It had readme.exe attached to it.  Obviously one should not
open this.

        Time to create a new .procmail rule.

On Tue, Sep 18, 2001 at 11:23:30AM -0500, Tim Winders wrote:

Hash: SHA1

I just received this update from Sophos.  Perhaps this is the virus that
is spreading?

-- snip --

W32/Nimda-A is an email-aware virus that spreads using an
attached filename of README.EXE.

Sophos researchers are continuing to examine the virus and will
be posting a more detailed description of the virus on the
Sophos website once the analysis is complete.

Jared Mauch  | pgp key available via finger from jared () puck nether net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]