Security Incidents mailing list archives
Re: Worm1800.exe on UnderNet?
From: "Jean-Luc" <Jean-Luc () Cavey org>
Date: Thu, 20 Jun 2002 23:03:59 +0200
cw [mailto:cw () fidei co uk] >>>>> :
Hi there folks, Twice in the past hour I have been messaged by two separate people on UnderNet.
Two separate people ? Are you sure ?
The message goes:!Notice!: A Recent Port Scan on your Computer reveals that Port 1800is in open state. This usually means that you have been infected with an IRC Worm Virus. Please download the cleaner at: http://www.No-Hack.Us/Fixes/Worm1800.exe to remove the virus from your system. If you do not comply with this rule within 30 minutes, our client monitor will ban you from this network. -Thanks For Understanding. UNDERNet Exploit Team
Don't do that ! 1- Verify if your port 1800 is actually open. If yes, ask yourself "Why" ? There is no evidence at this step that it's due to an IRC Worm. 2- http://www.No-Hack.Us/Fixes/Worm1800.exe is probably the worm itself. 3- There is no reason for your ISP to ban you from the Web. The mails you received sound like a social engineering way to constrain you to actually install the worm on your computer instead of to protect your machine against the worm. Jean-Luc Cavey National AntiVirus Specialist KPMG France Office : +33 (0) 1 46 39 46 21 Home : +33 1 45 43 45 62 Mobile : +33 (0) 6 15 93 77 96 E-Mail : NAVS () kpmg fr ================================ La presence de ce texte prouve que ce message electronique a ete verifie par un logiciel anti-virus à jour au moment de l'envoi. The presence of this text proves that this e-mail has been verified by an up-to-date anti-virus software at the time of the sending. ================================ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Worm1800.exe on UnderNet? cw (Jun 20)
- Re: Worm1800.exe on UnderNet? Alex Lambert (Jun 20)
- Re: Worm1800.exe on UnderNet? Jean-Luc (Jun 20)
- Re: Worm1800.exe on UnderNet? Ryan Russell (Jun 20)
- Re: Worm1800.exe on UnderNet? Kelly Brown (Jun 20)
- Re: Worm1800.exe on UnderNet? K. Graham (Jun 21)
- Re: Worm1800.exe on UnderNet? bonk (Jun 21)
- FollowUp: Worm1800.exe on UnderNet? cw (Jun 21)
- Re: FollowUp: Worm1800.exe on UnderNet? Ryan Russell (Jun 21)
- <Possible follow-ups>
- RE: Worm1800.exe on UnderNet? Darren Windham (Jun 20)