Security Incidents mailing list archives
RE: New "concept" virus/worm?
From: "Ronny Vaningh" <ronny () netrusion com>
Date: Tue, 18 Sep 2001 18:50:22 +0200
http://www.sarc.com/avcenter/venc/data/w32.nimda.a@mm.html

But also through network shares

-----Original Message-----
From: Jay D. Dyson [mailto:jdyson () treachery net]
Sent: Tuesday 18 September 2001 18:21
To: Incidents List
Cc: Vuln Dev
Subject: Re: New "concept" virus/worm?

On Tue, 18 Sep 2001, Joao Gouveia wrote:

> I kept the executables for analysis, if anyone would like to take a look, drop me an email.

Anyone interested in examining the payload can also pick up a copy at http://www.treachery.net/~jdyson/worms/readme.exe (MD5 hash of the payload is at http://www.treachery.net/~jdyson/worms/readme.exe.md5).

> So, what I ask is, does anyone know about this worm? I've done a quick search for it and couldn't find anything like it.

It's a two-prong worm. It appears to be primarily disseminated via e-mail, and then launches its attacks on web hosts upon successful infection.

-Jay

"There's always time for a good cup of coffee"
Jay D. Dyson -- jdyson () treachery net
What doesn't kill us only makes us stronger.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com