Home page logo
/

nanog logo nanog mailing list archives

Re: Worm probes
From: Jim Mercer <jim () reptiles org>
Date: Tue, 18 Sep 2001 13:29:46 -0400


On Tue, Sep 18, 2001 at 08:48:43AM -0700, Roeland Meyer wrote:
I wonder if ...

Afghanistan ... taliban .... holy war ...?

We need to start back-tracing this one, methinks.

go for the root cause.

send the US military forces out to eliminate microsoft and
their weak security.


|> -----Original Message-----
|> From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu]
|> Sent: Tuesday, September 18, 2001 8:30 AM
|> To: Bryan Heitman
|> Cc: nanog () merit edu
|> Subject: Re: Worm probes 
|> 
|> 
|> On Tue, 18 Sep 2001 10:22:06 CDT, Bryan Heitman 
|> <bryanh () communitech net>  said:
|> > 
|> > We're also seeing a large increase in this activity.  This 
|> seems to be more
|> > severe than the first time.  Have an additional 30 to 40 
|> meg inbound from
|> > this.
|> 
|> This seems to be the culprit:
|> 
|> Concept Virus(CV) V.5, Copyright(C)2001  R.P.China
|> 
|> I've nailed a copy, and am working on getting it to the 
|> right security
|> people.  A *PRELIMINARY* (eyeballing the output of 'strings' 
|> indicates that
|> this one *both* sends itself via-email a la SirCam, *AND* 
|> scans for vulnerable
|> web servers, and if it finds a vulnerable server, it causes 
|> anybody visiting
|> that webpage to be offered a contaminated .exe as well.
|> 
|> I do *NOT* have a handle on what malicious effects it has 
|> other than just
|> propagating.
|> 
|> This one's nasty, folks...
|> 
|> -- 
|>                            Valdis Kletnieks
|>                            Operating Systems Analyst
|>                            Virginia Tech
|> 
|> 

-- 
[ Jim Mercer        jim () reptiles org         +1 416 410-5633 ]
[ Now with more and longer words for your reading enjoyment. ]


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault