It also appears that when users connect to an infected web server the server will attempt to send/upload readme.exe to the user. On Tue, Sep 18, 2001 at 09:21:01AM -0700, Jay D. Dyson wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > On Tue, 18 Sep 2001, Joao Gouveia wrote: > > > I kept the executables for analysis, if anyone woud like to take a look, > > drop me an email. > > Anyone interested in examining the payload can also pick up a copy > at http://www.treachery.net/~jdyson/worms/readme.exe (MD5 hash of the > payload is at http://www.treachery.net/~jdyson/worms/readme.exe.md5). > > > So, what I ask is, does anyone know about this worm? I've done a quick > > search for it and couldn't find nothing like it. > > It's a two-prong worm. It appears to be primarily disseminated > via e-mail, and then launches its attacks on web hosts upon successful > infection. > _______________________________ Dan Jones Campus IT Security Coordinator - ITS University of Colorado 303.735.6637 Phone
This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 15:52:52 PDT