Re: Concept Virus(CV) V.5 - Advisory and Quick analysis

• Previous message: Chris Hardie: "Re: New worm segfaults apache"
• In reply to: Olle Segerdahl: "Concept Virus(CV) V.5 - Advisory and Quick analysis"
• Next in thread: Michael H. Warfield: "Re: Concept Virus(CV) V.5 - Advisory and Quick analysis"
• Reply: Michael H. Warfield: "Re: Concept Virus(CV) V.5 - Advisory and Quick analysis"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 18 Sep 2001, Olle Segerdahl wrote:

> Quick analysis indicates that it propagates itself in a number of
> different ways:

any info on how it determines the networks to spread to/ scan? the email
and IIS vulnerability scans are what i'm talking about. is it assuming
class B addresses?

i ask because our netmasks around here are in the neighborhood of /22,
though our severs are seeing scans from the whole /16.

i haven't been tracking the email propogation.

thanks.

____________________________
jose nazario						     joseat_private
	      	     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
				       PGP key ID 0xFD37F4E5 (pgp.mit.edu)


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

• Next message: Jeffrey Altman: "Re: [unisog] Some more details on the worm"
• Previous message: Chris Hardie: "Re: New worm segfaults apache"
• In reply to: Olle Segerdahl: "Concept Virus(CV) V.5 - Advisory and Quick analysis"
• Next in thread: Michael H. Warfield: "Re: Concept Virus(CV) V.5 - Advisory and Quick analysis"
• Reply: Michael H. Warfield: "Re: Concept Virus(CV) V.5 - Advisory and Quick analysis"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 18:08:05 PDT