Vulnerability Development mailing list archives

New worm?

From: BlueBoar () THIEVCO COM (Blue Boar)
Date: Thu, 4 May 2000 07:07:11 -0700


I received two copies of this worm-looking thing this morning.  I don't
have time to look myself before I head out, but I thought the list
might be interested.  The second copy looks like someone who got it
themselves and wants to know what it is.

Attached is a zip, and inside it is another zip of the two files
wrapped in their original mail headers.. so it should be pretty
safe unless you go out of your way to run them.  In which case,
caveat subscriber.

It looks like VBScript, and has a .vbs extension, and diddles
with reg keys, so I assume it's after windows boxen with WSH
installed.

                                BB

<HR NOSHADE>
<UL>
<LI>application/x-unknown-content-type-WinZip attachment: worm2.zip
</UL>

Current thread:

Info on the VBS/LoveLetter virus, (continued)
- - - Info on the VBS/LoveLetter virus Roelof Temmingh (May 04)
    - Re: ethernet cards & promisc mode Todd Garrison (May 04)
    - Re: ethernet cards & promisc mode RioTek (May 04)
    - ILOVEYOU worm Elias Levy (May 04)
    - don't open email w/ subject line "I love you." (Was: Re: I love you.) Ken Williams (May 04)
    - Re: IL0VEY0U worm Elias Levy (May 04)
    - I Love You.. Repair Program James Wilkins (May 04)
    - Re: IL0VEY0U worm Elias Levy (May 04)
    - Re: IL0VEY0U worm Elias Levy (May 04)
    - Re: IL0VEY0U worm Elias Levy (May 05)
    - New worm? Blue Boar (May 04)
    - Re: New worm? Andri Saar (May 04)
    - Re: New worm? A.T.Z. (May 04)
    - Re: New worm? Sander Smeenk (CistroN Medewerker) (May 04)
    - Re: New worm? M J (May 04)
    - Re: New worm? Erik Kooijman (May 04)
    - email worm, NOT iloveyou Hinken, Brian (May 04)
    - Re: New worm? 3APA3A (May 04)
    - I Love you virus cure for exchange server NT sven (May 04)
    - "I Love You" worm Voodoo Chile (May 04)
    - Re: New worm? Ron DuFresne (May 04)

(Thread continues...)