Security Incidents mailing list archives

Re: New "concept" virus/worm?


From: "Berislav Kucan" <berislav () globalnet hr>
Date: Tue, 18 Sep 2001 19:26:10 +0200

NAI avertlabs marked it as "high", but their VIL database is now
giving some technical errors. These are a few vendor responses (not much
information though):

Sophos
http://www.sophos.com/virusinfo/analyses/w32nimdaa.html

NAI
http://vil.nai.com/vil/virusSummary.asp?virus_k=99209

F-Secure
http://www.f-secure.com/v-descs/nimda.shtml

Symantec
http://www.sarc.com/avcenter/venc/data/w32.nimda.a () mm html 

Also NAI calls it Minda, and not Nimda ;) From their info it says -
The virus contains the string: Concept Virus(CV) V.5, Copyright(c) 2001
R.P.China, so refer to Defcom's Olle Segerdahl post to Incidents and
Bugtraq...

Berislav Kucan
Help Net Security - http://www.net-security.org
IP-Solutions - http://www.ip-solutions.dk
E-mail: bkucan () net-security org
Phone: +385 91 513 9159

*********** REPLY SEPARATOR  ***********

On 9/18/2001 at 10:57 AM Brett Glass wrote:

At 10:21 AM 9/18/2001, Jay D. Dyson wrote:

       It's a two-prong worm.  It appears to be primarily disseminated
via e-mail, and then launches its attacks on web hosts upon successful
infection.

Newsbytes is calling this worm "Code Rainbow," while some of the antivirus
firms seem to be calling it "W32.Nimda.A@mm".



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

