Concept Virus / Nimda

From: Gary Warner (gar@askgar.com)
Date: 09/18/01

• Previous message: Guillaume TARRARE: "RE: New "concept" virus/worm?"
• In reply to: H C: "Re: Any one seen any evidence of "Code Blue?""
• Next in thread: Grab Raham: "RE: Concept Virus / Nimda"
• Next in thread: Pedro Miller Rabinovitch: "Re: Any one seen any evidence of "Code Blue?""
• Reply: Grab Raham: "RE: Concept Virus / Nimda"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Message-ID: <3BA79450.13BDCD6F@askgar.com>
Date: Tue, 18 Sep 2001 13:37:04 -0500
From: Gary Warner <gar@askgar.com>
To: INCIDENTS@securityfocus.com
Subject: Concept Virus / Nimda

Thanks for the advisory regarding the most recent virus. You might want to
mention also that infected web servers will attempt to attach a "README.EML" file
to every page delivered. As pointed out by George Guninski's advisory last year,
.eml files WILL EXECUTE if viewed in IE 5.0 or higher (unless the browser has been
patched by a microsoft update since December 2000, I believe)

To see if YOUR browser has been patched vs. eml embedded files, you could
check guninski's demo page at:

http://www.guninski.com/eml-desc.html

The news about the attachment was received from http://www.dshield.org/

Symantec has a page about the virus at:
http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html

McAfee's page about the virus is at:
http://vil.mcafee.com/dispVirus.asp?virus_k=99209

Oh, according to the McAfee advisory, this one is marked internally:

Concept Virus (CV) V.5, Copyright (C) 2001 R.P.China

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

---

• Previous message: Guillaume TARRARE: "RE: New "concept" virus/worm?"
• In reply to: H C: "Re: Any one seen any evidence of "Code Blue?""
• Next in thread: Grab Raham: "RE: Concept Virus / Nimda"
• Next in thread: Pedro Miller Rabinovitch: "Re: Any one seen any evidence of "Code Blue?""
• Reply: Grab Raham: "RE: Concept Virus / Nimda"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages [Full-disclosure] RE: Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I ... The Orange virus filtering service discovered a virus or unauthorised code in an email sent to you. ... with the .vbs extension the file will be ... The information in this advisory and any of its ... (Full-Disclosure) Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You" ... Attached goes a working "I Love You" virus in which I ... Panda Antivirus Client-Shield will not found nothing. ... It's supposed that Panda TruePrevent and ClamAV should ... demonstrations provided in any part of this advisory. ... (Bugtraq) [Full-disclosure] Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love ... Attached goes a working "I Love You" virus in which I ... Panda Antivirus Client-Shield will not found nothing. ... ClamAV detect's it. ... demonstrations provided in any part of this advisory. ... (Full-Disclosure) Re: The Dwarf Beneath the Bed ... Sometimes she doesn't smile when being petted. ... than to trip the caller's virus checker. ... sort of cooky in the o/s rather than in the browser only. ... You may not have the tick, ... (rec.arts.poems) Re: The Dwarf Beneath the Bed ... Sometimes she doesn't smile when being petted. ... than to trip the caller's virus checker. ... sort of cooky in the o/s rather than in the browser only. ... You may not have the tick, ... (rec.arts.poems)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > incidents  > 2001-09