![nanog logo](/images/nanog-logo.png)
nanog mailing list archives
Re: Worm probes
From: Valdis.Kletnieks () vt edu
Date: Tue, 18 Sep 2001 11:29:53 -0400
On Tue, 18 Sep 2001 10:22:06 CDT, Bryan Heitman <bryanh () communitech net> said:
We're also seeing a large increase in this activity. This seems to be more severe than the first time. Have an additional 30 to 40 meg inbound from this.
This seems to be the culprit: Concept Virus(CV) V.5, Copyright(C)2001 R.P.China I've nailed a copy, and am working on getting it to the right security people. A *PRELIMINARY* (eyeballing the output of 'strings' indicates that this one *both* sends itself via-email a la SirCam, *AND* scans for vulnerable web servers, and if it finds a vulnerable server, it causes anybody visiting that webpage to be offered a contaminated .exe as well. I do *NOT* have a handle on what malicious effects it has other than just propagating. This one's nasty, folks... -- Valdis Kletnieks Operating Systems Analyst Virginia Tech
Attachment:
_bin
Description:
Current thread:
- Worm probes sigma (Sep 18)
- Re: Worm probes ravi pina (Sep 18)
- Re: Worm probes deeann mikula (Sep 18)
- Re: Worm probes up (Sep 18)
- Re: Worm probes Bryan Heitman (Sep 18)
- Re: Worm probes Valdis . Kletnieks (Sep 18)
- Re: Worm probes Eric Gauthier (Sep 18)
- Re: Worm probes.. Looking for captures. Michael Airhart (Sep 18)
- Re: Worm probes deeann mikula (Sep 18)
- Re: Worm probes Chris Grout (Sep 18)
- Re: Worm probes ravi pina (Sep 18)
- Re: Worm probes ravi pina (Sep 18)
- RE: Worm probes Mark Radabaugh - Amplex (Sep 18)
- RE: Worm probes Mark Radabaugh - Amplex (Sep 18)
- RE: Worm probes Tim Winders (Sep 18)
- Re: Worm probes Jared Mauch (Sep 18)
- Re: Worm probes Bill Larson (Sep 18)
- Re: Worm probes Christopher X. Candreva (Sep 18)