Security Incidents mailing list archives

RE: New worm ??

From: "Olivier DEMBOUR" <olivier.dembour () axipe com>
Date: Tue, 18 Sep 2001 17:31:00 +0200

Hello,
I and a few others I know are getting bombard on our machines with IIS
requests....looks like another worm, and its much smarter than before, it
seems to stay within the same class A and sometimes the same
class B as the
attacking machine is in. here is an excerpt of what i believe is the full
scan....


        Be carefull ! don't surf on the infected server it seems to have a virus
(readme.eml) loaded on the index page (IE+mediaplayer bug). The virus is
readme.exe,
but it don't seem to be troj_apost.a. The readme.eml is on the scripts
directory or
an other virtual directory.


------------------------------------------------------------------
Olivier DEMBOUR                        AXIPE
Responsable Audit                      Parc de Garlande
Tél : +33 (0) 1 55 58 17 41            1, rue de l'égalité
GSM : +33 (0) 6 62 37 90 33            92220 BAGNEUX
Email : olivier.dembour () axipe com      Fax : +33 (0) 1 55 58 17 57

Fingerprint : 38B7 E954 BD45 C227 32B0  DD87 B5D7 6724 C919 803F
------------------------------------------------------------------



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

New worm ?? Cory McIntire (Sep 18)
- Re: New worm ?? Jay D. Dyson (Sep 18)
- RE: New worm ?? Olivier DEMBOUR (Sep 18)
- Re: New worm ?? Pedro Miller Rabinovitch (Sep 18)