Vulnerability Development mailing list archives
Re: Another new worm???
From: jrlogic69 () HOTMAIL COM (Justin Randall)
Date: Tue, 20 Jun 2000 22:58:54 -0500
Perhaps the post to the list is a troll and deservedly flamebait, however .... I'm not sure exactly where this message was delivered, but the headers imply that it was sent to vuln-dev () securityfocus com. As the name implies, the list is dedicated to exploring security vulnerabilities. The virus posting is quite appropriate for this list and its subscribers. I would recommend that readers unsubscribe from the list if they or their systems are not prepared to view and analyze information disseminated here. For the confused or uninitiated, visiting http://www.securityfocus.com/ and selecting FORMS and MAILING LISTS on the main page provides useful information. Be Safe - J ----- Original Message ----- From: "Dan Schrader" <Dan_Schrader () TRENDMICRO COM> To: <VULN-DEV () SECURITYFOCUS COM> Sent: Tuesday, June 20, 2000 2:44 PM Subject: Re: Another new worm???
Thank you You have no provided the virus to 40,000 people who have nothing in common except that they are interested in security. Go to usenet and you will
find
dozens of posts from virus writers and vx wannabes asking for viruses to play with - you answered their prayers. This virus has already been extensively analyzed - there was no need to spread it further. In the future if you wish to have a file analyzed, send to known, trusted experts or send to one or more of the antivirus vendors. Trend Micro will analyze unsolicated files if you send them to: virus_doctor () trendmicro com Dan Schrader Trend Micro www.antivirus.com -----Original Message----- From: Blue Boar [mailto:BlueBoar () THIEVCO COM] Sent: Monday, June 19, 2000 7:25 PM To: VULN-DEV () SECURITYFOCUS COM Subject: Re: Another new worm??? This copy was provided to the SecurityFocus folks today by Ron Greer. Password is "worm", without the quotes. It appears to be a known virus/worm: http://vil.mcafee.com/dispVirus.asp?virus_k=98668 They're (McAfee) saying they got word on 5/30, and the deal is that it seems to have gotten loose today. Also:
http://www.antivirus.com/pc-cillin/vinfo/virusencyclo/default5.asp?VName=VBS
_STAGES.A It looks like it's got a Word header on it (which seems strange to me for a .shs extension) and it's partially obscufucated. I'd be interested in seeing some analysis. BB
Current thread:
- Re: Another new worm???, (continued)
- Re: Another new worm??? Jason Legate (Jun 19)
- Re: Another new worm??? Ron DuFresne (Jun 19)
- Re: Another new worm??? PS Howe (Jun 19)
- Re: Another new worm??? Alexander Kiwerski (Jun 19)
- Re: Another new worm??? Zoa_Chien (Jun 19)
- Re: Another new worm??? Alexander Kiwerski (Jun 19)
- Re: Another new worm??? Dan Schrader (Jun 20)
- Re: Another new worm??? Blue Boar (Jun 20)
- Re: Another new worm??? Bennett Todd (Jun 20)
- Re: Another new worm??? ~jim (Jun 20)
- Re: Another new worm??? Justin Randall (Jun 20)
- Re: Another new worm??? (long) Pierre Vandevenne (Jun 21)
- Re: Another new worm??? Joe Gee (Jun 20)
- Re: Another new worm??? Dan Schrader (Jun 21)
- Re: Another new worm??? Bennett Todd (Jun 21)
- Re: Another new worm??? (technical) Pierre Vandevenne (Jun 22)
- Re: Another new worm??? (technical) Bluefish (Jun 23)
- Re: Another new worm??? (technical) Pierre Vandevenne (Jun 23)
- Re: Another new worm??? (technical) Max Vision (Jun 23)
- Re: Another new worm??? (technical) Pierre Vandevenne (Jun 23)
- Re: Another new worm??? (technical) Max Vision (Jun 23)
- Re: Another new worm??? Bennett Todd (Jun 21)