Security Incidents mailing list archives
RE: New "concept" virus/worm?
From: "Christian Hampson" <champson () hampsonservices com>
Date: Tue, 18 Sep 2001 11:29:09 -0700
Please forgive the cross-post. I am at a client site. Win2k without SP2 is infected. NT4 without IIS or an email client installed has not been affected. Fortunately, that is the server containing payroll. If anyone has developed or heard of a removal tool, I would love to hear about it. So far, I have seen McAfee, Sophos, and F-Secure post definitions for this virus.

Christian Hampson
champson () hampsonservices com

-----Original Message-----
From: Dave Salovesh [mailto:salovesh () ramassociates com]
Sent: Tuesday, September 18, 2001 10:21
To: 'Brett Glass'; Jay D. Dyson; Incidents List
Cc: Vuln Dev
Subject: RE: New "concept" virus/worm?

It infects 98 (I've got it on the one 98 workstation we run) and may have been involved in infecting two of NT4 servers. I also have two UNinfected NT4 servers that are patched to about the same level as the infected ones - not quite completely patched, but I think I've selected all the appropriate ones for the role each server plays. My W2K server is patched up to the minute and didn't get infected. So far...

--
Dave Salovesh
RAM Associates, Inc.
(800) 543-3635

-----Original Message-----
From: Brett Glass [mailto:brett () lariat org]
Sent: Tuesday, September 18, 2001 12:58 PM
To: Jay D. Dyson; Incidents List
Cc: Vuln Dev
Subject: Re: New "concept" virus/worm?

At 10:21 AM 9/18/2001, Jay D. Dyson wrote:

> It's a two-prong worm. It appears to be primarily disseminated
> via e-mail, and then launches its attacks on web hosts upon
> successful infection.

Newsbytes is calling this worm "Code Rainbow," while some of the antivirus firms seem to be calling it "W32.Nimda.A@mm".

Can the e-mail infect anything other than Windows NT/2000? Will it infect a system that's running Windows NT/2000 but not IIS? If a Windows 95/98/ME user opens it, will his or her system begin to spread the worm as well?

--Brett Glass

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com