Security Incidents mailing list archives
RE: New worm ??
From: "Olivier DEMBOUR" <olivier.dembour () axipe com>
Date: Tue, 18 Sep 2001 17:31:00 +0200
Hello, I and a few others I know are getting bombard on our machines with IIS requests....looks like another worm, and its much smarter than before, it seems to stay within the same class A and sometimes the same class B as the attacking machine is in. here is an excerpt of what i believe is the full scan....
Be carefull ! don't surf on the infected server it seems to have a virus (readme.eml) loaded on the index page (IE+mediaplayer bug). The virus is readme.exe, but it don't seem to be troj_apost.a. The readme.eml is on the scripts directory or an other virtual directory. ------------------------------------------------------------------ Olivier DEMBOUR AXIPE Responsable Audit Parc de Garlande Tél : +33 (0) 1 55 58 17 41 1, rue de l'égalité GSM : +33 (0) 6 62 37 90 33 92220 BAGNEUX Email : olivier.dembour () axipe com Fax : +33 (0) 1 55 58 17 57 Fingerprint : 38B7 E954 BD45 C227 32B0 DD87 B5D7 6724 C919 803F ------------------------------------------------------------------ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- New worm ?? Cory McIntire (Sep 18)
- Re: New worm ?? Jay D. Dyson (Sep 18)
- RE: New worm ?? Olivier DEMBOUR (Sep 18)
- Re: New worm ?? Pedro Miller Rabinovitch (Sep 18)