RE: New "concept" virus/worm?

From: Don Weber (Don@AirLink.com)
Date: 09/18/01 

From: "Don Weber" <Don@AirLink.com>
To: "Dan Jones" <Dan.Jones@colorado.edu>, "Jay D. Dyson" <jdyson@treachery.net>
Subject: RE: New "concept" virus/worm?
Date: Tue, 18 Sep 2001 11:15:42 -0700
Message-ID: <BAEBKBIMJFMJDDHPLBHKMEJJDNAA.Don@AirLink.com>

I jsut found an Update on McAfee's website
http://vil.mcafee.com/dispVirus.asp?virus_k=99209& for the new sdat for
Viruscan, listed as new today.

-----Original Message-----
From: Dan Jones [mailto:Dan.Jones@colorado.edu]
Sent: Tuesday, September 18, 2001 10:02 AM
To: Jay D. Dyson
Cc: Incidents List; Vuln Dev
Subject: Re: New "concept" virus/worm?

It also appears that when users connect to an infected web server the
server will attempt to send/upload readme.exe to the user.

On Tue, Sep 18, 2001 at 09:21:01AM -0700, Jay D. Dyson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> On Tue, 18 Sep 2001, Joao Gouveia wrote:
>
> > I kept the executables for analysis, if anyone woud like to take a look,
> > drop me an email.
>
> Anyone interested in examining the payload can also pick up a copy
> at http://www.treachery.net/~jdyson/worms/readme.exe (MD5 hash of the
> payload is at http://www.treachery.net/~jdyson/worms/readme.exe.md5).
>
> > So, what I ask is, does anyone know about this worm? I've done a quick
> > search for it and couldn't find nothing like it.
>
> It's a two-prong worm. It appears to be primarily disseminated
> via e-mail, and then launches its attacks on web hosts upon successful
> infection.
>

_______________________________
Dan Jones
Campus IT Security Coordinator - ITS
University of Colorado
303.735.6637 Phone

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

Relevant Pages

  • Re: New "concept" virus/worm?
    ... Subject: New "concept" virus/worm? ... It also appears that when users connect to an infected web server the ... server will attempt to send/upload readme.exe to the user. ... and then launches its attacks on web hosts upon successful ...
    (Incidents)
  • Re: New "concept" virus/worm?
    ... Subject: New "concept" virus/worm? ... It also appears that when users connect to an infected web server the ... server will attempt to send/upload readme.exe to the user. ... and then launches its attacks on web hosts upon successful ...
    (Vuln-Dev)
  • Re: New "concept" virus/worm?
    ... Subject: New "concept" virus/worm? ... Dan Jones wrote: ... > It also appears that when users connect to an infected web server the ... I was afraid of that. ...
    (Vuln-Dev)