On Tue, 18 Sep 2001 10:22:06 CDT, Bryan Heitman <bryanh@communitech.net> said:
> We're also seeing a large increase in this activity. This seems to be more severe than the first time. Have an additional 30 to 40 meg inbound from this.

This seems to be the culprit:

    Concept Virus(CV) V.5, Copyright(C)2001 R.P.China

I've nailed a copy, and am working on getting it to the right security people.

A *PRELIMINARY* (eyeballing the output of 'strings') indicates that this one *both* sends itself via e-mail a la SirCam, *AND* scans for vulnerable web servers, and if it finds a vulnerable server, it causes anybody visiting that webpage to be offered a contaminated .exe as well.

I do *NOT* have a handle on what malicious effects it has other than just propagating.

This one's nasty, folks...

--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech