RE: New "concept" virus/worm?

From: Ronny Vaningh (ronnyat_private)
Date: Tue Sep 18 2001 - 09:50:22 PDT

Next message: Jeremy 'Circ' Charles: "Re: Explorer Dr. Watsons"

Previous message: Dave Sill: "Re: Concept Virus(CV) V.5 - Advisory and Quick analysis"
Next in thread: Christian Hampson: "RE: New "concept" virus/worm?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.sarc.com/avcenter/venc/data/w32.nimda.aat_private

But also through network shares

-----Original Message-----
From: Jay D. Dyson [mailto:jdysonat_private] 
Sent: dinsdag 18 september 2001 18:21
To: Incidents List
Cc: Vuln Dev
Subject: Re: New "concept" virus/worm?


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 18 Sep 2001, Joao Gouveia wrote:

> I kept the executables for analysis, if anyone woud like to take a 
> look, drop me an email.

	Anyone interested in examining the payload can also pick up a
copy at http://www.treachery.net/~jdyson/worms/readme.exe (MD5 hash of
the payload is at
http://www.treachery.net/~jdyson/worms/readme.exe.md5).

> So, what I ask is, does anyone know about this worm?  I've done a 
> quick search for it and couldn't find nothing like it.

	It's a two-prong worm.  It appears to be primarily disseminated
via e-mail, and then launches its attacks on web hosts upon successful
infection.

- -Jay

  (    (
_______
  ))   ))   .--"There's always time for a good cup of coffee"--.
>====<--.
C|~~|C|~~| (>------ Jay D. Dyson -- jdysonat_private ------<) |    =
|-'
 `--' `--'  `-- What doesn't kill us only makes us stronger. --'
`------'

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iQCVAwUBO6dmYLlDRyqRQ2a9AQHrDwQAg2IRpTh5c9hzhk1NTWdR3Ta6lsnmn5rg
KUPnc6lpecvtiaYkPxPTiSuQT4sUndXOfS5eaHn9JagI/bFGcRAWHW1tRFzafU1N
1TX57UiRYo9abt5DBbh7sdIsRrm3nhFaifkzog7yQp46B/GzvzlCeBT/4CeIbgXY
gg1laOKK4AY=
=OrqU
-----END PGP SIGNATURE-----


------------------------------------------------------------------------
----
This list is provided by the SecurityFocus ARIS analyzer service. For
more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Jeremy 'Circ' Charles: "Re: Explorer Dr. Watsons"
Previous message: Dave Sill: "Re: Concept Virus(CV) V.5 - Advisory and Quick analysis"
Next in thread: Christian Hampson: "RE: New "concept" virus/worm?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 13:54:30 PDT