Vulnerability Development mailing list archives
Re: Another new worm???
From: alex () WINSTAR NET (Alexander Kiwerski)
Date: Mon, 19 Jun 2000 21:49:35 -0700
This one got sent to many people around the office here too, but our IS guys caught it quickly. It's not new of course, and the current McAfee DAT's do catch it. (Caught it on mine. 4078? I think) If you use Outlook or Outlook Express you won't see the .shs extension, however the extension shows up in Eudora. Regards, Alexander Kiwerski Senior Network Engineer Winstar Network Operations - West At 11:24 AM 6/20/00 +0800, PS Howe wrote:
I found some information at: http://www.zdnet.com/zdnn/stories/news/0,4586,2589845,00.html Do take a look. The worm does not do much damage but it is a pain. --- Jason Legate <jlegate () ALIENCHICK COM> wrote: > It would appear that this worm was borne from thediscussions on bugtraq a while back. Just about a month ago, an email was sent regarding this exact issue. I think someone ran with it, and released it in the wild, as my company was hit by it as well. From preliminary looks, it seems like it plays with the filesystem, peeks/pokes at the registry, and logs on to irc. Has anyone else seen this? -j On Mon, Jun 19, 2000 at 09:49:54AM -0400, Studio1057 () AOL COM wrote:Hello all, This morning I am getting a lot of mail withattachments. Trends are:No from and to appears in the header Attachments have .SHS extension (??!!) the subject is either :Jokes", or "Funny: Jokestext", or "Life stages".Funny text does not show the attachment. The restare .txt.shs extensions,the filename is the subject line but in all caps. Any ideas? I am planning to clip a copy of all the"variations" I'm gettingto check out what is going on. Unless of coursesomebody else has alreadydone so in which case I am anxiously awaiting whatyou guys cme up with.Thanks, LK-- /--------------------------/ Jason Legate \------------------------\ | jlegate () sitesmith com | SiteSmith, Inc. | | 24x7 Call Center | http://www.sitesmith.com | | 888.898.7667 | PGP Key ID - 0xA855AAC3 |+---------------------------------+--------------------------------+| Fingerprint - 2D5F 87A0 26E6 A65B 6837 D100 FB54 A972 A855 AAC3 |\------------------------------------------------------------------/ATTACHMENT part 2 application/pgp-signature__________________________________________________ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. http://messenger.yahoo.com.sg
Current thread:
- Another new worm??? Studio1057 () AOL COM (Jun 19)
- Re: Another new worm??? Pierre Vandevenne (Jun 19)
- Re: Another new worm??? Kenneth Williams (Jun 19)
- Re: Another new worm??? Blue Boar (Jun 19)
- Re: Another new worm??? Jason Legate (Jun 19)
- Re: Another new worm??? Ron DuFresne (Jun 19)
- <Possible follow-ups>
- Re: Another new worm??? PS Howe (Jun 19)
- Re: Another new worm??? Alexander Kiwerski (Jun 19)
- Re: Another new worm??? Zoa_Chien (Jun 19)
- Re: Another new worm??? Alexander Kiwerski (Jun 19)
- Re: Another new worm??? Dan Schrader (Jun 20)
- Re: Another new worm??? Blue Boar (Jun 20)
- Re: Another new worm??? Bennett Todd (Jun 20)
- Re: Another new worm??? ~jim (Jun 20)
- Re: Another new worm??? Justin Randall (Jun 20)
- Re: Another new worm??? (long) Pierre Vandevenne (Jun 21)
- Re: Another new worm??? Joe Gee (Jun 20)
- Re: Another new worm??? Dan Schrader (Jun 21)
(Thread continues...)
- Re: Another new worm??? Pierre Vandevenne (Jun 19)