Security Incidents mailing list archives
Re: SIRCAM WORM?
From: "acz [iSecureLabs]" <aurelien.cabezon () iSecureLabs com>
Date: Tue, 24 Jul 2001 17:04:14 +0200
here you are:
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SIRCAM.A

Cabezon Aurélien
http://www.iSecureLabs.com

----- Original Message -----
From: "borakovej" <borakove () nhgri nih gov>
To: "Tulchinskiy, Sasha" <STulchinskiy () aspensys com>; <incidents () securityfocus com>
Sent: Monday, July 23, 2001 10:29 PM
Subject: SIRCAM WORM?

Has anyone heard of the SirCam Worm????

----- Original Message -----
From: "Tulchinskiy, Sasha" <STulchinskiy () aspensys com>
To: <incidents () securityfocus com>
Sent: Friday, July 20, 2001 6:45 AM
Subject: RE: CodeRed

BlackICE Agent for Servers reports it to ICECap console as Issue 2002608 "ISAPI extension overflow"

Sasha.

-----Original Message-----
From: Ryan Russell [mailto:ryan () securityfocus com]
Sent: Thursday, July 19, 2001 5:18 PM
To: incidents () securityfocus com
Subject: CodeRed

Here's a copy of CodeRed, as captured by my elite honeypot:

nc -l -p 80 > c:\gotcha

It's in a password protected .zip file, password is "worm" without the quotes. The zip file is only about 2K, so it shouldn't cause undue stress on anyone's mail server or client.

There is a rule available for Snort:
http://www.whitehats.com/info/IDS552

BlackICE defender spotted this one as "Suspicious URL":

39, 2001-07-19 20:05:28, 2002500, Suspicious URL, 203.138.114.17, st0017.nas911.sapporo.nttpc.ne.jp, x.x.x.x, , , 1,

And I'm not aware of other IDS' that catch this. (Though I'd like to be corrected if that's not the case.)

Ryan

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
----------------------------------------------------------------------------