[42604] in North American Network Operators' Group
Re: Worm probes
daemon@ATHENA.MIT.EDU (Jared Mauch)
Tue Sep 18 12:53:32 2001
Date: Tue, 18 Sep 2001 12:46:41 -0400
From: Jared Mauch <jared@puck.Nether.net>
To: Tim Winders <twinders@SPC.cc.tx.us>
Cc: Mark Radabaugh - Amplex <mark@amplex.net>, nanog@merit.edu
Message-ID: <20010918124641.R14985@puck.nether.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.OSF.4.40.0109181122300.436703-100000@barney.spc.cc.tx.us>; from twinders@SPC.cc.tx.us on Tue, Sep 18, 2001 at 11:23:30AM -0500
Errors-To: owner-nanog-outgoing@merit.edu
I just got an e-mail with
Subject: Central Command News for 09/14/2001 (Virus Update Notification)
It had readme.exe attached to it. Obviously one should not
open this.
Time to create a new .procmail rule.
On Tue, Sep 18, 2001 at 11:23:30AM -0500, Tim Winders wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I just received this update from Sophos. Perhaps this is the virus that
> is spreading?
-- snip --
> Description:
>
> W32/Nimda-A is an email-aware virus that spreads using an
> attached filename of README.EXE.
>
> Sophos researchers are continuing to examine the virus and will
> be posting a more detailed description of the virus on the
> Sophos website once the analysis is complete.
--
Jared Mauch | pgp key available via finger from jared@puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
