Security Incidents mailing list archives

RE: ALEVRIUS!


From: "Rob Shein" <shoten () starpower net>
Date: Thu, 6 Feb 2003 18:31:32 -0500

Can you provide a little more information?  Like port numbers?
UDP/TCP/ICMP?  Anything?  I assume you've checked Google already, so you may
not have much more than we do at this point.

-----Original Message-----
From: Geert Kiers [mailto:kweb () kweb on ca] 
Sent: Thursday, February 06, 2003 1:39 PM
To: incidents () securityfocus com
Subject: ALEVRIUS!


Greetings:

I'd rather just read the mail and not be a regular.  Too many 
auto-responders coming back at me say "I'm not in until such 
and such a time. In case of emergency contact ....", each 
time I post but...  I have a problem, I think.

Who or what is ALEVRIUS!

Is it related to ALEVIR or the Opaserv/Opasoft worm?

The reason I ask, we had a number of weird things happening 
on our little network this morning so I decided to run MS 
Netmon and capture a while.
When I finished capturing I did a Find All Names and it 
discovered a new one:

ALEVRIUS! [no transposition (sp?) error.  It is ALEVRIUS! 
with the exclamation mark] associated with a specific ip 
address with a valid appearing dynamic DNS name.

Now we run mainly NT servers and I get the sense that if it 
is ALEVIR that our hosts may not get infected.  Still I am 
scanning our drives for occurrences of alevir, scrsvr, brasil, 
marco!, instit, mqbkup and mmstask. In all cases hoping (or 
not) to find the .exe file which is supposed to be the 
driver.  As a last thought, I also searched for alevrius.  
All searches were negative.

I did a search of online.securityfocus.com/archives for both 
alevir and alevrius! but found no match.  I assume, then, 
that this is either a new topic or one of little importance.  
Can anyone enlighten me?

Regards,

Geert

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com


