Re: New "concept" virus/worm?

From: Dan Jones (Dan.Jones@colorado.edu)
Date: 09/18/01 

Date: Tue, 18 Sep 2001 11:01:50 -0600
From: Dan Jones <Dan.Jones@colorado.edu>
To: "Jay D. Dyson" <jdyson@treachery.net>
Subject: Re: New "concept" virus/worm?
Message-ID: <20010918110150.M30851@providence.colorado.edu>

It also appears that when users connect to an infected web server the
server will attempt to send/upload readme.exe to the user.

On Tue, Sep 18, 2001 at 09:21:01AM -0700, Jay D. Dyson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> On Tue, 18 Sep 2001, Joao Gouveia wrote:
>
> > I kept the executables for analysis, if anyone woud like to take a look,
> > drop me an email.
>
> Anyone interested in examining the payload can also pick up a copy
> at http://www.treachery.net/~jdyson/worms/readme.exe (MD5 hash of the
> payload is at http://www.treachery.net/~jdyson/worms/readme.exe.md5).
>
> > So, what I ask is, does anyone know about this worm? I've done a quick
> > search for it and couldn't find nothing like it.
>
> It's a two-prong worm. It appears to be primarily disseminated
> via e-mail, and then launches its attacks on web hosts upon successful
> infection.
>

_______________________________
Dan Jones
Campus IT Security Coordinator - ITS
University of Colorado
303.735.6637 Phone

Relevant Pages

  • Re: New "concept" virus/worm?
    ... Subject: New "concept" virus/worm? ... It also appears that when users connect to an infected web server the ... server will attempt to send/upload readme.exe to the user. ... and then launches its attacks on web hosts upon successful ...
    (Incidents)
  • RE: New "concept" virus/worm?
    ... Subject: New "concept" virus/worm? ... Viruscan, listed as new today. ... It also appears that when users connect to an infected web server the ...
    (Vuln-Dev)
  • Re: New "concept" virus/worm?
    ... Subject: New "concept" virus/worm? ... Dan Jones wrote: ... > It also appears that when users connect to an infected web server the ... I was afraid of that. ...
    (Vuln-Dev)