Security Incidents mailing list archives
Re: New gnutella worm found in the wild.
From: David Bailey <davidabailey () WORLDNET ATT NET>
Date: Sun, 23 Jul 2000 20:49:12 -0700
I sure am glad I keep my virus checker updated. The file was attached (now quarantined, file was "Santana.vbs). Here are some links for the write-up: http://vil.nai.com/villib/dispVirus.asp?virus_k=98666 http://europe.datafellows.com/v-descs/gwv.htm http://www.symantec.com/avcenter/venc/data/vbs.gnutella.html. What REALLY bothers me is that Symantec lists it like this (though not their fault): Number of infections: 0-49 Number of sites: 3-9 Geographic distribution: Medium Threat containment: Easy Removal: Easy Now think of it like this - How many members on this mailing list got it? Wanna bet the number of infections have gone up? Maybe it is just me, why send a KNOWN virus to a mailing list? Why not just let people know that you got hit with it instead of sending it to the list? Sorry for blowing up. But, with all the viruses running around and uneducated (or caring) users that will click on anything, I just don't think it was a good thing to do. Again, sorry for venting to the list but someone had to do it. David Bailey To contact me, Try one of the following: you have my e-mail or ICQ: 36834226/Bit4Byte -----Original Message----- From: Incidents Mailing List [mailto:INCIDENTS () SECURITYFOCUS COM]On Behalf Of Matt Merhar Sent: Friday, July 21, 2000 10:35 PM To: INCIDENTS () SECURITYFOCUS COM Subject: New gnutella worm found in the wild. Hi, I recently saw this file up for grabs (July 22, 1AM) on the gnutella filesharing network. Attached is the source of what seems to be a non-destructive, self-replicating 'worm' which has already spread quite rapidly around the gnutella network. It also appears to be semi-polymorphic, as it changes it's filename to the names in an array called NewFilenames. The contents of it are as follows: NewFilenames = Array(ProgramName & ".vbs", "Jenna Jameson movie listing.vbs", "Pamela Anderson movie listing.vbs", "Asia Carerra movie listing.vbs", "xxx FTP movie listing.vbs", "ASF Compressor (No quality loss).vbs", "collegesex.vbs", "Gladiator.vbs", "Battlefield Earth.vbs", "Evangelion complete episodes scripts.vbs", "Scan Master checklist.vbs", "How to eat pussy.vbs", "Alicia Silverstone.vbs", "Pearl Jam.vbs", "Mp3 compressor (Half the size but same quality).vbs", "Napster Metallica Crack.vbs", "Santana.vbs", "NSync.vbs", "Nirvana.mp3.vbs", "Shania Twain.mp3.vbs", "Jesus loves you.vbs", "Gnutella upgrade.vbs", "OFFICIAL Gnutella Option Pack.vbs") -Matt ________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
Current thread:
- New gnutella worm found in the wild. Matt Merhar (Jul 21)
- Re: New gnutella worm found in the wild. David Bailey (Jul 24)
- Automated SSH scanning John Kristoff (Jul 24)
- Re: Automated SSH scanning Sean Dalnodar (Jul 25)
- Re: New gnutella worm found in the wild. Jeff Palmer (Jul 24)
- Message not available
- Re: New gnutella worm found in the wild. Jeff Palmer (Jul 26)
- Automated SSH scanning John Kristoff (Jul 24)
- Re: New gnutella worm found in the wild. David Bailey (Jul 24)