Re: Win32.Sircam.Worm Alert.....

From: Su Wadlow (swadlow@utdallas.edu)
Date: 07/30/01


Date: Sun, 29 Jul 2001 18:53:51 -0500 (CDT)
From: Su Wadlow <swadlow@utdallas.edu>
To: vuln-dev@securityfocus.com, SECURITY-BASICS@securityfocus.com
Subject: Re: Win32.Sircam.Worm Alert.....
Message-ID: <Pine.GSO.4.21.0107291813400.1839-100000@apache.utdallas.edu>

On Fri, 27 Jul 2001, Brad Cox wrote:

> At 3:07 PM +1000 7/27/01, Juanita Fernando wrote:
> >We were caught by surprise by the virus.. it affected 200 workstations
>
> You didn't know you were using Microsoft servers which are
> particularly vulnerable to this kind of stuff?

Er, the kind of *servers* a location has doesn't have any
bearing on the spread of this worm. The worm propagates by
users (yes, on MS Windows systems) opening the attachment,
thereby running the worm's executable code. However, the
*server* which delivers the infected message can be running
pretty much *any* OS.

I got a copy of the worm at another of my accounts. That
server runs Linux. What kept my *desktop* from getting
infected (besides the fact that I didn't actually open the
attachment) is that it runs Linux, and is therefore not
susceptible.

-- 
Su Wadlow
swadlow@utdallas.edu
  If I have to explain, you wouldn't understand


