[Gllug] Virus or worm?

bredroll at nereus.host4u.net bredroll at nereus.host4u.net
Fri Jul 27 00:03:40 UTC 2001


Hello

On Fri, 27 Jul 2001, Jake Jellinek wrote:

> I've received the same virus/worm now from over 200 different sources in the
> past 2 days, it's probably the most travelled and infected I've ever seen
> any virus get, but I think the media are bored of reporting it other than
> just "another virus". It got past a lot of the more commonly used virus
> scanners initially, which is one of the reason it appears to have infected
> so well. I hear from my sister-in-law (who I haven't yet managed to wean off
> Hotmail (although this may have changed her mind)) that their built in virus
> checking completely missed it, and continued to miss it for a long after it
> was recognised.

are you aware which mail server send the messages to you? it could be
possible to trackback and find others who have been infected and you could
possibly see what the file weapon payload is?


> The virus sends out random documents with double extensions which are
> infected themselves, and can be embarrasing. It uses various address lists I
> believe, and of course primarly affects Outlook/Windows  users. I've also
> heard that on the 16th of October it will try to delete all files on an
> infected system.

* thinks isolated vmware winnt machine set date to 16th oct and get some
popcorn*

email viri are a potential threat to unixes, just thinking along the lines
if something like this could get thru most filters then drop its trojan
load inside a firewall, possibly take advantage of its new internal
location and maybe even dos a linux box?

just think 1 copy gets in, spreads over the lan inside an office to say 50
stations and then one day all of them attack the servers at the same time.
yipes, clever but yipes!

bredroll



-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug




More information about the GLLUG mailing list