[Top] [All Lists]

OT: A new worm?

Subject: OT: A new worm?
From: Eric <>
Date: Wed, 19 Sep 2001 03:51:11 +0930
With apologies, but this is likely to effect most of us (in one way or another):

Speaking of damn terrorists... for those tekkies out there, we are being
SLAMMED by what looks like a new, maybe MORE-violent-than-CodeRed worm.

Check out

and check your machines.

"Evidently, a new worm is the source of the activity. Once the worm gains
access to a vulnerable IIS webserver, it uses tftp to fetch a binary
called  Admin.dll.octet from the infecting host. An example packet capture
is below (see website )"

"Also, connecting to an attacking webserver using a web browser results in
a attempt to download an executable called readme.eml. Reports indicate
that IE5 will automatically execute the binary." 

We are all up at 03:50 (Central Australian Time) working on it.


/// mailing list
///  or try

<Prev in Thread] Current Thread [Next in Thread>
  • OT: A new worm?, Eric <=