Full Disclosure mailing list archives

Re: Fwd: Internet Security Update

From: Joe Stewart <jstewart () lurhq com>
Date: Tue, 8 Apr 2003 15:34:54 -0400

On Tuesday 08 April 2003 01:32 pm, Brad Knowles wrote:

      I don't think this is a real Microsoft security announcement
(they wouldn't be likely to be sent via an unknown IP address over in
the space owned by hiwaay.net), but it does appear to be the result
of a hoax, a virus, or a Trojan Horse that I have not yet heard of.

      I've done various searches via Google and on the web sites of the
anti-virus vendors, and haven't turned up anything on this issue.
Have I missed something?


It's the Gibe.b worm, discovered in February. It is known to pose as a 
Microsoft security announcement.
http://www.f-secure.com/v-descs/gibe_b.shtml

-Joe

-- 
Joe Stewart, GCIH 
Senior Intrusion Analyst
LURHQ Corporation
http://www.lurhq.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Fwd: Internet Security Update Brad Knowles (Apr 08)
- Re: Fwd: Internet Security Update Joe Stewart (Apr 08)
- Re: Fwd: Internet Security Update Ward Vandewege (Apr 08)
  - RE: Fwd: Internet Security Update digitz (Apr 08)
- Re: Fwd: Internet Security Update KF (Apr 08)
- Re: Fwd: Internet Security Update Gregory Le Bras | Security Corporation (Apr 08)
  - Re: Fwd: Internet Security Update Ron DuFresne (Apr 08)
    - Re: Fwd: Internet Security Update Brad Knowles (Apr 08)
- Re: Fwd: Internet Security Update Nicob (Apr 08)
- RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET SECURITY UPDATE Nicolas Villatte (Apr 08)
  - RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET SECURITY UPDATE Brad Knowles (Apr 08)
    - RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET S Nick FitzGerald (Apr 08)

(Thread continues...)