Worm probes

Valdis.Kletnieks at vt.edu
Tue Sep 18 15:29:53 UTC 2001


On Tue, 18 Sep 2001 10:22:06 CDT, Bryan Heitman <bryanh at communitech.net>  said:
> 
> We're also seeing a large increase in this activity.  This seems to be more
> severe than the first time.  Have an additional 30 to 40 meg inbound from
> this.

This seems to be the culprit:

Concept Virus(CV) V.5, Copyright(C)2001  R.P.China

I've nailed a copy, and am working on getting it to the right security
people.  A *PRELIMINARY* look (eyeballing the output of 'strings') indicates that
this one *both* sends itself via email a la SirCam, *AND* scans for vulnerable
web servers, and if it finds a vulnerable server, it causes anybody visiting
that webpage to be offered a contaminated .exe as well.

I do *NOT* have a handle on what malicious effects it has other than just
propagating.

This one's nasty, folks...

-- 
				Valdis Kletnieks
				Operating Systems Analyst
				Virginia Tech
