 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Fri, 31 Aug 2001 16:09:05 +0300 |
| Content-Type: | text/plain |
| Parts/Attachments: |
|
|
actually, this virus sent by anhvu is NOT Code Red.. this is the same "old"
w95/magistr (the "old" version of SirCam, the one with "hi!how are you"
message) - only the filename is different.
but it still is a virus, and _not_ one of the harmless kind.
a.
At 12:10 01.08.30. +0300, you wrote:
>>>My computer says the attachments from this recent posting from "anhvu" on
>>>the listserve are infected. DO NOT OPEN!!!
>>>
>>>
>>>From: anhvu <[log in to unmask]>
>
>This was immediately suspicious. A one-hundred kilobyte message?
>
>I hope that list members will refrain from posting attachments to this
>list. And also from posting in HTML fomat. Sending attachments to a
>list is generally a bad idea and virus infections may be spread by
>code imbedded in HTML messages that calls the virus when the message
>is opened from a machine that is still online. Anything that
>absolutely needs to be distributed can be posted on the web and the
>URL announced on the list. The defunct e-groups issued all of their
>electronic forums with a "vault" expressly for file distribution.
>
>
>CODE RED WORM
>
>If you who may be running WinNT or Win2000 operating systems and have
>not expressly taken precautions to protect yourself you are exposed to
>attack. The worm is a parasite that enables those who distribute it to
>control infected machines remotely via the Windows IIS Personal Web
>Server. Estimates are that some 100,000 personal computers around the
>world are now Code Red zombies. Most people operating infected
>machines are unaware of the presence of a virus that has turned their
>machines collectively into a powerful weapon in the hands of persons
>unknown.
>
>The worm enters your computer while you are online by probing your
>ports and entering, typically, through port 80, if it finds it open. A
>friend of mine who is online most of the time intercepts 5 to 10 of
>these worms a day. The first massive attack on July 1st infected more
>than 300,000 machines world wide in the space of twelve hours. A
>second wave occurred on August 1st, a third is expected on Saturday,
>September 1st.
>
>Please investigate this yourselves. Check to see whether or not you
>are running Microsoft Personal Web server - some implementations of
>Windows install this as default. If you are, then assume that you are
>infected. Check the Microsoft web site and take steps to remove the
>worm and then either shut down IIS or download and install the MS
>patch to protect yourself from the worm if you continue to use IIS.
>The patch is not effective if your machine is already infected.
>
>The worm does not appear to be designed to damage your system or your
>hardware, but rather to use your equipment for purposes that are
>impossible to ascertain.
>
>
>Best regards,
>
>
>Omar
>
>To join or leave this LISTSERV list, please visit the list's web interface at:
> http://listserv.muohio.edu/archives/ateg.html
>and select "Join or leave the list"
>
>Visit ATEG's web site at http://ateg.org/
>
To join or leave this LISTSERV list, please visit the list's web interface at:
http://listserv.muohio.edu/archives/ateg.html
and select "Join or leave the list"
Visit ATEG's web site at http://ateg.org/
|
|
|
