RE: New "concept" virus/worm?

From: Tom Brenner (tomat_private)
Date: Tue Sep 18 2001 - 11:35:38 PDT

Next message: Aj Effin Reznor: "More on the Worm"

Previous message: Brett Glass: "Re: New "concept" virus/worm?"
In reply to: Dave Salovesh: "RE: New "concept" virus/worm?"
Next in thread: John Thornton: "RE: New "concept" virus/worm?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Right.  We have it on a 98 machine here.  Our Win2K server was protected but
it appears our NT server is afflicted.  I thought I had the NT machine all
up to date, but.....

Tom Brenner
Director of Operations
Midwest Internet Connections & Services, Inc.
Phone: (937) 297-6212  Fax: (937) 297-6214
Toll Free Outside Dayton Area: 1-877-get-4fam
Visit our home page at: http://www.4fam.net

-----Original Message-----
From: Dave Salovesh [mailto:saloveshat_private]
Sent: Tuesday, September 18, 2001 1:21 PM
To: 'Brett Glass'; Jay D. Dyson; Incidents List
Cc: Vuln Dev
Subject: RE: New "concept" virus/worm?

It infects 98 (I've got it on the one 98 workstation we run) and may have
been involved in infecting two of NT4 servers.

I also have two UNinfected NT4 servers that are patched to about the same
level as the infected ones - not quite completely patched, but I think I've
selected all the appropriate ones for the role each server plays.

My W2K server is patched up to the minute and didn't get infected.  So
far...

--
Dave Salovesh
RAM Associates, Inc.
(800) 543-3635

> -----Original Message-----
> From: Brett Glass [mailto:brettat_private]
> Sent: Tuesday, September 18, 2001 12:58 PM
> To: Jay D. Dyson; Incidents List
> Cc: Vuln Dev
> Subject: Re: New "concept" virus/worm?
>
>
> At 10:21 AM 9/18/2001, Jay D. Dyson wrote:
>
> >        It's a two-prong worm.  It appears to be primarily
> disseminated
> >via e-mail, and then launches its attacks on web hosts upon
> successful
> >infection.
>
> Newsbytes is calling this worm "Code Rainbow," while some of
> the antivirus
> firms seem to be calling it "W32.Nimda.A@mm".
>
> Can the e-mail infect anything other than Windows NT/2000?
> Will it infect
> a system that's running Windows NT/2000 but not IIS? If a
> Windows 95/98/ME
> user opens it, will his or her system begin to spread the
> worm as well?
>
> --Brett Glass
>
>
> --------------------------------------------------------------
> --------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.280 / Virus Database: 147 - Release Date: 9/11/2001

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.280 / Virus Database: 147 - Release Date: 9/11/2001

Next message: Aj Effin Reznor: "More on the Worm"
Previous message: Brett Glass: "Re: New "concept" virus/worm?"
In reply to: Dave Salovesh: "RE: New "concept" virus/worm?"
Next in thread: John Thornton: "RE: New "concept" virus/worm?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 13:09:47 PDT