Re: reports of DCOM worm on the loose...Report #4a

From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 08/12/03

  • Next message: Russ: "Re: reports of DCOM worm on the loose...Report #4b" 
    Date:         Tue, 12 Aug 2003 14:02:00 -0400
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    Uncorroborated Reports:
    - XP Home system using AOL Dial-up connection got infected
    - Worm has been found in Excel Spread*** and an RTF file (I've asked for copies, no reply yet)

    Corroborated Reports:
    - Yes, this is definitely possible, AOL Dial-up connections can be infected (AOL isn't or wasn't preventing them from being infected.)

    - Worm was not found in any document. The reporter was using;

    GriSoft AVG AntiVirus 7.0
    Version: 7.0.154
    Virus Base: 259.11.0
    Release Date: 8/12/2003

    That product incorrectly identified the word "masterblend" as being LovSAN in two different files (a .csv and a .rtf). How stupid is this??? Can you imagine using "aster" as an identifier for LovSAN? Someone should go give GriSoft a slap upside the head!

    Cheers,
    Russ - NTBugtraq Editor

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Are You "Certifiable"? Summer's Hottest Certification Just Got HOTTER!

    With a growth rate exceeding 110%, the TICSA security practitioner
    certification is one of the hottest IT credentials available. And now, for
    a limited time, you can save 33% off of the TICSA certification exam! To
    learn more about the TICSA certification, and to register as a TICSA
    candidate online, just go to

    http://www.trusecure.com/offer/s0100/

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

  • Next message: Russ: "Re: reports of DCOM worm on the loose...Report #4b"
    • Quantcast