[42677] in North American Network Operators' Group
Re: Worm probes
daemon@ATHENA.MIT.EDU (Jim Mercer)
Tue Sep 18 18:58:34 2001
Date: Tue, 18 Sep 2001 13:29:46 -0400
From: Jim Mercer <jim@reptiles.org>
To: Roeland Meyer <rmeyer@mhsc.com>
Cc: "'Valdis.Kletnieks@vt.edu'" <Valdis.Kletnieks@vt.edu>,
Bryan Heitman <bryanh@communitech.net>, nanog@merit.edu
Message-ID: <20010918132946.N29136@reptiles.org>
In-Reply-To: <EA9368A5B1010140ADBF534E4D32C728069ED9@condor.mhsc.com>; from rmeyer@mhsc.com on Tue, Sep 18, 2001 at 08:48:43AM -0700

On Tue, Sep 18, 2001 at 08:48:43AM -0700, Roeland Meyer wrote:
> I wonder if ...
>
> Afghanistan ... taliban .... holy war ...?
>
> We need to start back-tracing this one, methinks.

go for the root cause.
send the US military forces out to eliminate microsoft and
their weak security.

>
> |> -----Original Message-----
> |> From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu]
> |> Sent: Tuesday, September 18, 2001 8:30 AM
> |> To: Bryan Heitman
> |> Cc: nanog@merit.edu
> |> Subject: Re: Worm probes
> |>
> |>
> |> On Tue, 18 Sep 2001 10:22:06 CDT, Bryan Heitman <bryanh@communitech.net> said:
> |> >
> |> > We're also seeing a large increase in this activity. This seems to be more
> |> > severe than the first time. Have an additional 30 to 40 meg inbound from
> |> > this.
> |>
> |> This seems to be the culprit:
> |>
> |> Concept Virus(CV) V.5, Copyright(C)2001 R.P.China
> |>
> |> I've nailed a copy, and am working on getting it to the right security
> |> people. A *PRELIMINARY* (eyeballing the output of 'strings' indicates that
> |> this one *both* sends itself via-email a la SirCam, *AND* scans for vulnerable
> |> web servers, and if it finds a vulnerable server, it causes anybody visiting
> |> that webpage to be offered a contaminated .exe as well.
> |>
> |> I do *NOT* have a handle on what malicious effects it has other than just
> |> propagating.
> |>
> |> This one's nasty, folks...
> |>
> |> --
> |> Valdis Kletnieks
> |> Operating Systems Analyst
> |> Virginia Tech
> |>
> |>
--
[ Jim Mercer jim@reptiles.org +1 416 410-5633 ]
[ Now with more and longer words for your reading enjoyment. ]