[KLUG Members] Fw: Concept Virus / Nimda

Richard Zimmerman members@kalamazoolinux.org
Tue, 18 Sep 2001 15:06:41 -0500


Here's that forward on an apparent new virus/worm.

Richard

----- Original Message -----
From: "Gary Warner" <gar@askgar.com>
To: <INCIDENTS@securityfocus.com>
Sent: Tuesday, September 18, 2001 1:37 PM
Subject: Concept Virus / Nimda


> Thanks for the advisory regarding the most recent virus.  You might want to
> mention also that infected web servers will attempt to attach a "README.EML"
> file to every page delivered.  As pointed out by George Guninski's advisory
> last year, .eml files WILL EXECUTE if viewed in IE 5.0 or higher (unless the
> browser has been patched by a Microsoft update since December 2000, I believe)
>
> To see if YOUR browser has been patched vs. eml embedded files, you could
> check Guninski's demo page at:
>
> http://www.guninski.com/eml-desc.html
>
> The news about the attachment was received from http://www.dshield.org/
>
> Symantec has a page about the virus at:
> http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html
>
> McAfee's page about the virus is at:
> http://vil.mcafee.com/dispVirus.asp?virus_k=99209
>
> Oh, according to the McAfee advisory, this one is marked internally:
>
> Concept Virus (CV) V.5, Copyright (C) 2001 R.P.China



Richard Zimmerman                                     Richard@knbpower.com
Information Systems Manager                      ke4rit@earthlink.net
K&B Transport, Inc.
Elkhart, Indiana                     Advanced SKYWARN weather spotter

Look Listen and Live!
Support Operation Lifesaver
www.oli.org