I jsut found an Update on McAfee's website http://vil.mcafee.com/dispVirus.asp?virus_k=99209& for the new sdat for Viruscan, listed as new today. -----Original Message----- From: Dan Jones [mailto:Dan.Jonesat_private] Sent: Tuesday, September 18, 2001 10:02 AM To: Jay D. Dyson Cc: Incidents List; Vuln Dev Subject: Re: New "concept" virus/worm? It also appears that when users connect to an infected web server the server will attempt to send/upload readme.exe to the user. On Tue, Sep 18, 2001 at 09:21:01AM -0700, Jay D. Dyson wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > On Tue, 18 Sep 2001, Joao Gouveia wrote: > > > I kept the executables for analysis, if anyone woud like to take a look, > > drop me an email. > > Anyone interested in examining the payload can also pick up a copy > at http://www.treachery.net/~jdyson/worms/readme.exe (MD5 hash of the > payload is at http://www.treachery.net/~jdyson/worms/readme.exe.md5). > > > So, what I ask is, does anyone know about this worm? I've done a quick > > search for it and couldn't find nothing like it. > > It's a two-prong worm. It appears to be primarily disseminated > via e-mail, and then launches its attacks on web hosts upon successful > infection. > _______________________________ Dan Jones Campus IT Security Coordinator - ITS University of Colorado 303.735.6637 Phone ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 17:20:20 PDT