Security Incidents mailing list archives
RE: New "concept" virus/worm?
From: Tom Smit <TSmit () fourthchannel com>
Date: Tue, 18 Sep 2001 18:27:53 -0400
Actually, it's not a removal tool. That's just a program to update your DAT files if you have McAfee virus scanner. -----Original Message----- From: Tina Bird [mailto:tbird () precision-guesswork com] Sent: Tuesday, September 18, 2001 3:51 PM To: Christian Hampson Cc: incidents () securityfocus com; focus-virus () securityfocus com Subject: RE: New "concept" virus/worm? McAfee/NAI has a removal tool: http://download.nai.com/products/mcafee-avert/nimda2.exe On Tue, 18 Sep 2001, Christian Hampson wrote:
Date: Tue, 18 Sep 2001 11:29:09 -0700 From: Christian Hampson <champson () hampsonservices com> To: incidents () securityfocus com, focus-virus () securityfocus com Subject: RE: New "concept" virus/worm? Please forgive the cross-post. I am at a client site. Win2k without SP2 is infected. NT4 without IIS or an email client installed has not been affected. Fortunately, that is the server containing payroll. If anyone has developed or heard of a removal tool, I would love to hear about it. So far, I have seen McAfee, Sophos, and F-Secure post definitions for this virus. Christian Hampson champson () hampsonservices com -----Original Message----- From: Dave Salovesh [mailto:salovesh () ramassociates com] Sent: Tuesday, September 18, 2001 10:21 To: 'Brett Glass'; Jay D. Dyson; Incidents List Cc: Vuln Dev Subject: RE: New "concept" virus/worm? It infects 98 (I've got it on the one 98 workstation we run) and may have been involved in infecting two of NT4 servers. I also have two UNinfected NT4 servers that are patched to about the same level as the infected ones - not quite completely patched, but I think I've selected all the appropriate ones for the role each server plays. My W2K server is patched up to the minute and didn't get infected. So far...
LogAnalysis: http://kubarb.phsx.ukans.edu/~tbird/log-analysis.html VPN: http://kubarb.phsx.ukans.edu/~tbird/vpn.html life: http://kubarb.phsx.ukans.edu/~tbird work: http://www.counterpane.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: New "concept" virus/worm?, (continued)
- Re: New "concept" virus/worm? Jim (Sep 18)
- Side Affect of the new worm: HD fills up Stanley G. Bubrouski (Sep 19)
- Re: New "concept" virus/worm? Michael H. Warfield (Sep 18)
- Re: New "concept" virus/worm? Dan Jones (Sep 18)
- RE: New "concept" virus/worm? Guillaume TARRARE (Sep 18)
- RE: New "concept" virus/worm? Joseph P Frazee (Sep 18)
- RE: New "concept" virus/worm? Ronny Vaningh (Sep 18)
- RE: New "concept" virus/worm? Christian Hampson (Sep 18)
- RE: New "concept" virus/worm? Tina Bird (Sep 18)
- RE: New "concept" virus/worm? Peter Mueller (Sep 18)
- RE: New "concept" virus/worm? Tom Smit (Sep 18)