I wonder if ... Afghanistan ... taliban .... holy war ...? We need to start back-tracing this one, methinks. |> -----Original Message----- |> From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu] |> Sent: Tuesday, September 18, 2001 8:30 AM |> To: Bryan Heitman |> Cc: nanog@merit.edu |> Subject: Re: Worm probes |> |> |> On Tue, 18 Sep 2001 10:22:06 CDT, Bryan Heitman |> <bryanh@communitech.net> said: |> > |> > We're also seeing a large increase in this activity. This |> seems to be more |> > severe than the first time. Have an additional 30 to 40 |> meg inbound from |> > this. |> |> This seems to be the culprit: |> |> Concept Virus(CV) V.5, Copyright(C)2001 R.P.China |> |> I've nailed a copy, and am working on getting it to the |> right security |> people. A *PRELIMINARY* (eyeballing the output of 'strings' |> indicates that |> this one *both* sends itself via-email a la SirCam, *AND* |> scans for vulnerable |> web servers, and if it finds a vulnerable server, it causes |> anybody visiting |> that webpage to be offered a contaminated .exe as well. |> |> I do *NOT* have a handle on what malicious effects it has |> other than just |> propagating. |> |> This one's nasty, folks... |> |> -- |> Valdis Kletnieks |> Operating Systems Analyst |> Virginia Tech |> |>
On Tue, Sep 18, 2001 at 08:48:43AM -0700, Roeland Meyer wrote:
I wonder if ...
Afghanistan ... taliban .... holy war ...?
We need to start back-tracing this one, methinks.
go for the root cause. send the US military forces out to eliminate microsoft and their weak security.
|> -----Original Message----- |> From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu] |> Sent: Tuesday, September 18, 2001 8:30 AM |> To: Bryan Heitman |> Cc: nanog@merit.edu |> Subject: Re: Worm probes |> |> |> On Tue, 18 Sep 2001 10:22:06 CDT, Bryan Heitman |> <bryanh@communitech.net> said: |> > |> > We're also seeing a large increase in this activity. This |> seems to be more |> > severe than the first time. Have an additional 30 to 40 |> meg inbound from |> > this. |> |> This seems to be the culprit: |> |> Concept Virus(CV) V.5, Copyright(C)2001 R.P.China |> |> I've nailed a copy, and am working on getting it to the |> right security |> people. A *PRELIMINARY* (eyeballing the output of 'strings' |> indicates that |> this one *both* sends itself via-email a la SirCam, *AND* |> scans for vulnerable |> web servers, and if it finds a vulnerable server, it causes |> anybody visiting |> that webpage to be offered a contaminated .exe as well. |> |> I do *NOT* have a handle on what malicious effects it has |> other than just |> propagating. |> |> This one's nasty, folks... |> |> -- |> Valdis Kletnieks |> Operating Systems Analyst |> Virginia Tech |> |>
-- [ Jim Mercer jim@reptiles.org +1 416 410-5633 ] [ Now with more and longer words for your reading enjoyment. ]
participants (2)
-
Jim Mercer
-
Roeland Meyer