Vulnerability Development mailing list archives

Re: New worm?

From: ssmeenk () CISTRON NL (Sander Smeenk (CistroN Medewerker))
Date: Thu, 4 May 2000 17:14:04 +0200


Quoting A.T.Z. (verkoop () ATZ NL):

More info at: http://www.datafellows.com/v-descs/love.htm


Seems like info on the WIN-BUGSFIX.exe file is missing :]

I analysed it. It looks like the executable searches for all usernames
and passwords on the Windows-target, including IP addresses.

It looks like the program then posts the gathered information somewhere
on the internet. I didn't have the time to disassemble it further.

--
 Ltr!
   (-( Fluor )-)

--
| Be kind to your root filesystem, you'll miss it when it's gone!
| CistroN Internet Services, Linux Specialists & Perl Experts
| 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8  9BDB D463 7E41 08CE C94D

Current thread:

ILOVEYOU worm, (continued)
- - - ILOVEYOU worm Elias Levy (May 04)
    - don't open email w/ subject line "I love you." (Was: Re: I love you.) Ken Williams (May 04)
    - Re: IL0VEY0U worm Elias Levy (May 04)
    - I Love You.. Repair Program James Wilkins (May 04)
    - Re: IL0VEY0U worm Elias Levy (May 04)
    - Re: IL0VEY0U worm Elias Levy (May 04)
    - Re: IL0VEY0U worm Elias Levy (May 05)
    - New worm? Blue Boar (May 04)
    - Re: New worm? Andri Saar (May 04)
    - Re: New worm? A.T.Z. (May 04)
    - Re: New worm? Sander Smeenk (CistroN Medewerker) (May 04)
    - Re: New worm? M J (May 04)
    - Re: New worm? Erik Kooijman (May 04)
    - email worm, NOT iloveyou Hinken, Brian (May 04)
    - Re: New worm? 3APA3A (May 04)
    - I Love you virus cure for exchange server NT sven (May 04)
    - "I Love You" worm Voodoo Chile (May 04)
    - Re: New worm? Ron DuFresne (May 04)
    - Re: New worm? Bluefish (May 04)
    - lovethingy spread analyses Roelof Temmingh (May 04)
    - I love you. Blue Boar (May 04)

(Thread continues...)