mailing list archives
Re: Worm probes
From: Jim Mercer <jim () reptiles org>
Date: Tue, 18 Sep 2001 13:29:46 -0400
On Tue, Sep 18, 2001 at 08:48:43AM -0700, Roeland Meyer wrote:
I wonder if ...
Afghanistan ... taliban .... holy war ...?
We need to start back-tracing this one, methinks.
go for the root cause.
send the US military forces out to eliminate microsoft and
their weak security.
|> -----Original Message-----
|> From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu]
|> Sent: Tuesday, September 18, 2001 8:30 AM
|> To: Bryan Heitman
|> Cc: nanog () merit edu
|> Subject: Re: Worm probes
|> On Tue, 18 Sep 2001 10:22:06 CDT, Bryan Heitman
|> <bryanh () communitech net> said:
|> > We're also seeing a large increase in this activity. This
|> seems to be more
|> > severe than the first time. Have an additional 30 to 40
|> meg inbound from
|> > this.
|> This seems to be the culprit:
|> Concept Virus(CV) V.5, Copyright(C)2001 R.P.China
|> I've nailed a copy, and am working on getting it to the
|> right security
|> people. A *PRELIMINARY* (eyeballing the output of 'strings'
|> indicates that
|> this one *both* sends itself via-email a la SirCam, *AND*
|> scans for vulnerable
|> web servers, and if it finds a vulnerable server, it causes
|> anybody visiting
|> that webpage to be offered a contaminated .exe as well.
|> I do *NOT* have a handle on what malicious effects it has
|> other than just
|> This one's nasty, folks...
|> Valdis Kletnieks
|> Operating Systems Analyst
|> Virginia Tech
[ Jim Mercer jim () reptiles org +1 416 410-5633 ]
[ Now with more and longer words for your reading enjoyment. ]
Re: Worm probes Ulf Zimmermann (Sep 18)
Re: Re: FW: Worm probes Frank Coluccio (Sep 18)
RE: Worm probes Roeland Meyer (Sep 18)
RE: Worm probes Smith, Rick (Sep 18)