[thelist] another worm?

Ben Dyer ben_dyer at imaginuity.com
Tue Sep 18 12:11:48 CDT 2001


This is the most I can find so far:

http://www.cert.org/current/current_activity.html#port80
http://hacktivism.openflows.org/article.pl?sid=01/08/13/1237245&mode=nocomment
http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0109&L=ntbugtraq&F=P&S=&P=1747

This is a doozy but details are sketchy.  It seems to be playing on the 
vulnerabilites left by Code Red II.

--Ben

At 10:19 AM 9/18/2001, you wrote:

>ok, a few of our clients were hit this morning by something that
>tries to get your browser (on windows) to download a .eml file
>which it would then launch via an .exe...
>
>i can't get to any virus sites, since all web traffic coming and going
>is pretty hosed right now...
>
>so, is there a new worm out there?  the IIS servers affected were
>*supposedly* patched against the last batch...
>
>anyone?
>
>
>---------------------------------------
>For unsubscribe and other options, including
>the Tip Harvester and archive of TheList go to:
>http://lists.evolt.org Workers of the Web, evolt !

-------------------------
Ben Dyer
Senior Internet Developer
Imaginuity Interactive
http://www.imaginuity.com
-------------------------
  Quidquid latine dictum
    sit, altum videtus.
-------------------------






More information about the thelist mailing list