Security Incidents mailing list archives
Re: Has anyone else seen/encountered the "VBS.Network" virus? I just did.
From: Robert.Graham () NETWORKICE COM (Robert Graham)
Date: Mon, 28 Feb 2000 15:12:58 -0800
Network.vbs is a worm that copies itself through File and Print Sharing. "Repair" removes the virus from the file. Remember: a virus attachs itself to existing files; so repair undoes this. In your case, it isn't a virus but a worm, so removing the virus would remove the file, which it cannot do. "Quarantine" encrypts the file. The file still exists, but has been weakly encrypted so that it is no longer a valid file. This means you can un-quarantine at any time and you don't lose a file due to false positives. I somebody could send me a copy of this file; I would really appreciate it. I would love to run it and create a network-based intrusion detection signature for our product. Regards, Robert Graham CTO/Network ICE -----Original Message----- From: Incidents Mailing List [mailto:INCIDENTS () securityfocus com]On Behalf Of Olaf Black Sent: Sunday, February 27, 2000 11:22 PM To: INCIDENTS () securityfocus com Subject: Has anyone else seen/encountered the "VBS.Network" virus? I just did. Hello all: Norton Antivirus just popped up an alert indicating that it had found a file: C:\Windows\TEMP\tmpB214.TMP That had been infected with the "VBS.Network" virus. Norton first asked me if I wanted to repair the file. Since this was the "recommended" procedure from Norton, I went ahead and let NAV attempt to repair the file. NAV then came back and told me that the file could not be repaired, and that the next "recommended" course of action would be to "quarantine" the file so I went ahead and NAV came back and said that it successfully quarantined the file. With that, I have some questions. What is the "VBS.Network" virus? What does it do exactly? What does "quarantining" an infected file do? Does it mean a file is moved off into a "safe" directory and modified in some way? Thanks, Olaf
Current thread:
- HackerWhacker Omachonu Ogali (Feb 25)
- Has anyone else seen/encountered the "VBS.Network" virus? I just did. Olaf Black (Feb 27)
- Re: Has anyone else seen/encountered the "VBS.Network" virus? I just did. Robert Graham (Feb 28)
- Re: Has anyone else seen/encountered the "VBS.Network" virus? Ijust did. James Crooks (Feb 28)
- Re: Has anyone else seen/encountered the "VBS.Network" virus? I just did. qui3tri0t (Feb 29)
- Re: HackerWhacker Network Operations (Feb 28)
- Has anyone else seen/encountered the "VBS.Network" virus? I just did. Olaf Black (Feb 27)