here you are:
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SIRCAM.A

Cabezon Aurélien
http://www.iSecureLabs.com

----- Original Message -----
From: "borakovej" <borakoveat_private>
To: "Tulchinskiy, Sasha" <STulchinskiyat_private>; <incidentsat_private>
Sent: Monday, July 23, 2001 10:29 PM
Subject: SIRCAM WORM?

> Has anyone heard of the SirCam Worm????
> ----- Original Message -----
> From: "Tulchinskiy, Sasha" <STulchinskiyat_private>
> To: <incidentsat_private>
> Sent: Friday, July 20, 2001 6:45 AM
> Subject: RE: CodeRed
>
> > BlackICE Agent for Servers reports it to ICECap console as
> > Issue 2002608 "ISAPI extension overflow"
> >
> > Sasha.
> >
> > -----Original Message-----
> > From: Ryan Russell [mailto:ryanat_private]
> > Sent: Thursday, July 19, 2001 5:18 PM
> > To: incidentsat_private
> > Subject: CodeRed
> >
> > Here's a copy of CodeRed, as captured by my elite honeypot:
> >
> > nc -l -p 80 > c:\gotcha
> >
> > It's in a password protected .zip file, password is "worm" without the
> > quotes. The zip file is only about 2K, so it shouldn't cause undue stress
> > on anyone's mail server or client.
> >
> > There is a rule available for Snort:
> > http://www.whitehats.com/info/IDS552
> >
> > BlackICE defender spotted this one as "Suspicious URL":
> > 39, 2001-07-19 20:05:28, 2002500, Suspicious URL, 203.138.114.17,
> > st0017.nas911.sapporo.nttpc.ne.jp, x.x.x.x, , , 1,
> >
> > And I'm not aware of other IDS' that catch this. (Though I'd like to be
> > corrected if that's not the case.)
> >
> > Ryan
> >
> > ----------------------------------------------------------------------------
> > This list is provided by the SecurityFocus ARIS analyzer service.
> > For more information on this free incident handling, management
> > and tracking system please see:
> >
> > http://aris.securityfocus.com

This archive was generated by hypermail 2b30 : Tue Jul 24 2001 - 09:02:40 PDT