Security Incidents mailing list archives

RE: New "concept" virus/worm?


From: Tom Smit <TSmit () fourthchannel com>
Date: Tue, 18 Sep 2001 18:27:53 -0400

Actually, it's not a removal tool.  That's just a program to update your DAT
files if you have McAfee virus scanner.

-----Original Message-----
From: Tina Bird [mailto:tbird () precision-guesswork com] 
Sent: Tuesday, September 18, 2001 3:51 PM
To: Christian Hampson
Cc: incidents () securityfocus com; focus-virus () securityfocus com
Subject: RE: New "concept" virus/worm?


McAfee/NAI has a removal tool:

http://download.nai.com/products/mcafee-avert/nimda2.exe

On Tue, 18 Sep 2001, Christian Hampson wrote:

Date: Tue, 18 Sep 2001 11:29:09 -0700
From: Christian Hampson <champson () hampsonservices com>
To: incidents () securityfocus com, focus-virus () securityfocus com
Subject: RE: New "concept" virus/worm?

Please forgive the cross-post.

I am at a client site.  Win2k without SP2 is infected.  NT4 without 
IIS or an email client installed has not been affected.  Fortunately, 
that is the server containing payroll.

If anyone has developed or heard of a removal tool, I would love to 
hear about it.

So far, I have seen McAfee, Sophos, and F-Secure post definitions for 
this virus.

Christian Hampson
champson () hampsonservices com

-----Original Message-----
From: Dave Salovesh [mailto:salovesh () ramassociates com]
Sent: Tuesday, September 18, 2001 10:21
To: 'Brett Glass'; Jay D. Dyson; Incidents List
Cc: Vuln Dev
Subject: RE: New "concept" virus/worm?


It infects 98 (I've got it on the one 98 workstation we run) and may 
have been involved in infecting two NT4 servers.

I also have two UNinfected NT4 servers that are patched to about the 
same level as the infected ones - not quite completely patched, but I 
think I've selected all the appropriate ones for the role each server 
plays.

My W2K server is patched up to the minute and didn't get infected.  So 
far...



LogAnalysis: http://kubarb.phsx.ukans.edu/~tbird/log-analysis.html
VPN:  http://kubarb.phsx.ukans.edu/~tbird/vpn.html
life: http://kubarb.phsx.ukans.edu/~tbird
work: http://www.counterpane.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more
information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com


