Security Incidents mailing list archives

Re: New "concept" virus/worm?


From: Dan Jones <Dan.Jones () colorado edu>
Date: Tue, 18 Sep 2001 11:01:50 -0600

It also appears that when users connect to an infected web server the
server will attempt to send/upload readme.exe to the user.

On Tue, Sep 18, 2001 at 09:21:01AM -0700, Jay D. Dyson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> On Tue, 18 Sep 2001, Joao Gouveia wrote:
>
> > I kept the executables for analysis, if anyone would like to take a look,
> > drop me an email.
>
>       Anyone interested in examining the payload can also pick up a copy
> at http://www.treachery.net/~jdyson/worms/readme.exe (MD5 hash of the
> payload is at http://www.treachery.net/~jdyson/worms/readme.exe.md5).
>
> > So, what I ask is, does anyone know about this worm?  I've done a quick
> > search for it and couldn't find anything like it.
>
>       It's a two-prong worm.  It appears to be primarily disseminated
> via e-mail, and then launches its attacks on web hosts upon successful
> infection.


_______________________________
Dan Jones
Campus IT Security Coordinator - ITS
University of Colorado
303.735.6637 Phone
