Security Incidents mailing list archives
Concept Virus / Nimda
From: Gary Warner <gar () askgar com>
Date: Tue, 18 Sep 2001 13:37:04 -0500
Thanks for the advisory regarding the most recent virus. You might want to mention also that infected web servers will attempt to attach a "README.EML" file to every page delivered.

As pointed out by George Guninski's advisory last year, .eml files WILL EXECUTE if viewed in IE 5.0 or higher (unless the browser has been patched by a Microsoft update since December 2000, I believe).

To see if YOUR browser has been patched vs. eml embedded files, you could check Guninski's demo page at:
http://www.guninski.com/eml-desc.html

The news about the attachment was received from http://www.dshield.org/

Symantec has a page about the virus at:
http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html

McAfee's page about the virus is at:
http://vil.mcafee.com/dispVirus.asp?virus_k=99209

Oh, according to the McAfee advisory, this one is marked internally:
Concept Virus (CV) V.5, Copyright (C) 2001 R.P.China
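
A defender-side check for the behaviour described in the message above, added here as an example and not part of the original post: it sweeps a web root for a file named README.EML and for pages whose content references it. The page extensions, function names and sample tree are assumptions constructed for the illustration.

```python
import os
import re
import tempfile

# Case-insensitive match for the attachment name given in the post.
MARKER = re.compile(rb"readme\.eml", re.IGNORECASE)
# Assumption: these extensions cover the pages the server delivers.
PAGE_EXTS = {".htm", ".html", ".asp", ".shtml"}

def scan_webroot(root):
    """Return (dropped_files, referencing_pages) as sorted relative paths."""
    dropped, referencing = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if name.lower() == "readme.eml":
                dropped.append(rel)
                continue
            if os.path.splitext(name)[1].lower() not in PAGE_EXTS:
                continue
            try:
                with open(full, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip it, do not abort the sweep
            if MARKER.search(data):
                referencing.append(rel)
    return sorted(dropped), sorted(referencing)

def build_sample(root):
    """Constructed sample tree: one clean page, one altered page, one dropped file."""
    os.makedirs(os.path.join(root, "docs"))
    with open(os.path.join(root, "index.html"), "w") as fh:
        fh.write("<html><body>clean page</body></html>")
    with open(os.path.join(root, "docs", "about.HTM"), "w") as fh:
        fh.write('<html><body>about</body></html>\n<a href="ReadMe.EML">x</a>')
    with open(os.path.join(root, "docs", "README.EML"), "w") as fh:
        fh.write("placeholder, not a real message")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        dropped, pages = scan_webroot(tmp)
        print("dropped files:", dropped)
        print("pages referencing it:", pages)
```

Pages that match should be compared against a known-good copy of the site before being restored.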