Full Disclosure mailing list archives

Re: Web counter in the new Swen/Gibe.F worm


From: S G Masood <sgmasood () yahoo com>
Date: Thu, 18 Sep 2003 16:52:58 -0700 (PDT)

Hey,

I believe I have a sample... I am still studying it. I
don't know if it's fine if I mail it to the list. Mail
me if you need a copy (I'm online for only about 30 min
more).

Upon initial glance, I find the "internals" a bit
strange. Maybe I am wrong.

--
S.G.Masood

Hyderabad,
India.
--


--- "B.K. DeLong" <bkdelong () pobox com> wrote:
At 02:31 PM 9/18/2003 -0400, you wrote:
Hi,

Joe Stewart of Lurhq.com has made an interesting discovery about the new
Swen/Gibe.F worm that started circulating today: When the worm infects
a new machine, it hits a Web counter.

The URL of the counter is:

   http://ww2.fce.vutbr.cz/bin/counter.gif/link=bacillus&width=6&set=cnt006

If this URL wraps in your email reader, here's a shorter version:

   http://tinyurl.com/nufo

At 2:30 EST, the counter is about 615,000.

Here's a bit more about the worm:

   http://news.com.com/2100-7349_3-5078696.html

The server log entries for this counter might prove interesting to virus
researchers.  These entries could provide data for a statistical study
of computer worm transmissions.  Perhaps the Vutbr.cz Web site would be
willing to go public with this information.

Is anyone storing sample virii somewhere for analysis? Or do we have to
wait for it to show?


--
B.K. DeLong
bkdelong () pobox com
+1.617.797.2472

http://ocw.mit.edu                           Work.
http://www.brain-stream.com               Play.
http://www.the-leaky-cauldron.org        Potter.
http://www.city-of-doors.com               Sigil

PGP Fingerprint:
38D4 D4D4 5819 8667 DFD5  A62D AF61 15FF 297D 67FE

_______________________________________________
Full-Disclosure - We believe in it.
Charter:
http://lists.netsys.com/full-disclosure-charter.html
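
The statistical study of the counter's server log suggested in the quoted message could start like this. This is an added example, not part of the thread or of anyone's analysis; it assumes the server writes Apache Common Log Format, and the function name and sample lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Counter request path taken from the URL quoted in the post.
COUNTER_PATH = "/bin/counter.gif/link=bacillus"

# Assumption: Apache Common Log Format; the real server's format is not known.
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|HEAD) (\S+)')

def summarize(lines):
    """Split raw counter hits from distinct sources; bucket first sightings by UTC hour."""
    raw_hits = 0
    first_seen = {}  # source address -> earliest counter hit, in UTC
    for line in lines:
        m = CLF.match(line)
        if not m or not m.group(3).startswith(COUNTER_PATH):
            continue  # unparseable line or a request for something else
        raw_hits += 1
        when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        when = when.astimezone(timezone.utc)
        src = m.group(1)
        if src not in first_seen or when < first_seen[src]:
            first_seen[src] = when
    per_hour = Counter(t.strftime("%Y-%m-%d %H:00") for t in first_seen.values())
    return {
        "raw_hits": raw_hits,                # what the public counter displays
        "unique_sources": len(first_seen),   # rough proxy for distinct hosts
        "new_per_hour": dict(sorted(per_hour.items())),
    }

# Constructed sample lines (documentation address ranges), not real server data.
_REQ = '"GET /bin/counter.gif/link=bacillus&width=6&set=cnt006 HTTP/1.1" 200 412'
SAMPLE_LOG = [
    f"192.0.2.10 - - [18/Sep/2003:14:05:11 +0200] {_REQ}",
    f"192.0.2.10 - - [18/Sep/2003:14:40:02 +0200] {_REQ}",   # repeat hit, same source
    f"198.51.100.7 - - [18/Sep/2003:14:59:59 +0200] {_REQ}",
    f"203.0.113.5 - - [18/Sep/2003:15:00:01 +0200] {_REQ}",
    '192.0.2.44 - - [18/Sep/2003:15:10:00 +0200] "GET /index.html HTTP/1.0" 200 1024',
    "truncated or malformed line",
]

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Source addresses only approximate infected hosts (NAT and dynamic addressing blur the mapping), and anyone who follows the posted link also increments the counter, so the displayed total is an upper bound on hits rather than a host count.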

