Vulnerability Development mailing list archives

RE: New "concept" virus/worm?


From: "Tom Brenner" <tom () mics net>
Date: Tue, 18 Sep 2001 14:35:38 -0400

Right.  We have it on a 98 machine here.  Our Win2K server was protected but
it appears our NT server is afflicted.  I thought I had the NT machine all
up to date, but.....

Tom Brenner
Director of Operations
Midwest Internet Connections & Services, Inc.
Phone: (937) 297-6212  Fax: (937) 297-6214
Toll Free Outside Dayton Area: 1-877-get-4fam
Visit our home page at: http://www.4fam.net

-----Original Message-----
From: Dave Salovesh [mailto:salovesh () ramassociates com]
Sent: Tuesday, September 18, 2001 1:21 PM
To: 'Brett Glass'; Jay D. Dyson; Incidents List
Cc: Vuln Dev
Subject: RE: New "concept" virus/worm?


It infects 98 (I've got it on the one 98 workstation we run) and may have
been involved in infecting two of our NT4 servers.

I also have two UNinfected NT4 servers that are patched to about the same
level as the infected ones - not quite completely patched, but I think I've
selected all the appropriate ones for the role each server plays.

My W2K server is patched up to the minute and didn't get infected.  So
far...

--
Dave Salovesh
RAM Associates, Inc.
(800) 543-3635



-----Original Message-----
From: Brett Glass [mailto:brett () lariat org]
Sent: Tuesday, September 18, 2001 12:58 PM
To: Jay D. Dyson; Incidents List
Cc: Vuln Dev
Subject: Re: New "concept" virus/worm?


At 10:21 AM 9/18/2001, Jay D. Dyson wrote:

       It's a two-prong worm.  It appears to be primarily disseminated
via e-mail, and then launches its attacks on web hosts upon successful
infection.

Newsbytes is calling this worm "Code Rainbow," while some of the antivirus
firms seem to be calling it "W32.Nimda.A@mm".

Can the e-mail infect anything other than Windows NT/2000? Will it infect
a system that's running Windows NT/2000 but not IIS? If a Windows 95/98/ME
user opens it, will his or her system begin to spread the worm as well?

--Brett Glass


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

