RE: ALEVRIUS!

From: Rob Shein (shotenat_private)
Date: Thu Feb 06 2003 - 15:31:32 PST

    Can you provide a little more information?  Like port numbers?
    UDP/TCP/ICMP?  Anything?  I assume you've checked Google already, so you may
    not have much more than we do at this point.
    
    > -----Original Message-----
    > From: Geert Kiers [mailto:kwebat_private] 
    > Sent: Thursday, February 06, 2003 1:39 PM
    > To: incidentsat_private
    > Subject: ALEVRIUS!
    > 
    > 
    > Greetings:
    > 
    > I'd rather just read the mail and not be a regular.  Too many 
    > auto responders coming back at me say "I'm not in until such 
    > and such a time. In case of emergency contact ....", each 
    > time I post but...  I have a problem, I think.
    > 
    > Who or what is ALEVRIUS!
    > 
    > Is it related to ALEVIR or the Opaserv/Opasoft worm?
    > 
    > The reason I ask, we had a number of weird things happening 
    > on our little network this morning so I decided to run MS 
    > Netmon and capture a while.
    > When I finished capturing I did a Find All Names, and it 
    > discovered a new one:
    > 
    > ALEVRIUS! [no transposition (sp?) error.  It is ALEVRIUS! 
    > with the exclamation mark] associated with a specific ip 
    > address with a valid appearing dynamic DNS name.
    > 
    > Now we run mainly NT servers and I get the sense that if it 
    > is ALEVIR that our hosts may not get infected.  Still I am 
    > scanning our drives for occurrences of alevir, scrsvr, brasil, 
    > marco!, instit, mqbkup and mmstask. In all cases hoping (or 
    > not) to find the .exe file which is supposed to be the 
    > driver.  As a last thought, I also searched for alevrius.  
    > All searches were negative.
    > 
    > I did a search of online.securityfocus.com/archives for both 
    > alevir and alevrius! but found no match.  I assume, then, 
    > that this is either a new topic or one of little importance.  
    > Can anyone enlighten me?
    > 
    > Regards,
    > 
    > Geert
    > 
    > --------------------------------------------------------------
    > --------------
    > This list is provided by the SecurityFocus ARIS analyzer 
    > service. For more information on this free incident handling, 
    > management 
    > and tracking system please see: http://aris.securityfocus.com
    > 
    
    
    



    This archive was generated by hypermail 2b30 : Fri Feb 07 2003 - 10:39:48 PST