This does work on its own... I simply loaded the readme.eml and it contained
the embedded mime readme.exe(which I never ran or found on linux system) but
it does propagate thru network shares and to any writeable directories for
the current user. so any samba shares and network connections to w
On Sun, 23 Sep 2001 10:48:43 -0400
burns <[EMAIL PROTECTED]> wrote:
>
> The worm will also propagate through network shares. It isn't going to
> activate and infect a Linux client, but a linux client could 'share' it
to
> other Windows boxes on the same network if they are unlucky enough to
pul
On September 22, 2001 11:31 pm, Tim Wunder wrote:
> Previously, Joel Hammer chose to write:
> > I thought from all I had read about JavaScript that it was designed to be
> > safe.
> > I recall on another list someone said he had downloaded a malicious html
> > doc and others on the list claimed th
On September 21, 2001 10:01 am, Bill Day wrote:
> Of course it is a "problem" but I closed IE before it could dl the file.
> I did let konquerer download the file, figured since it was linux it would
> be pretty much immune to it.. how ever the Java must be the culprit,
> allowing it to write to a
>
> Hi Joel,
> I didn't see anything in the advisory pertaining to Samba, was that something
> you just got from the samba list?
>
There is mention that the infected clients will attempt to spread the worm:
"from client to client via open network shares"
This includes samba.
I don't think ther
Previously, Joel Hammer chose to write:
> I thought from all I had read about JavaScript that it was designed to be
> safe.
> I recall on another list someone said he had downloaded a malicious html
> doc and others on the list claimed that was impossible. This was a long
> time ago, like 8 months
I thought from all I had read about JavaScript that it was designed to be
safe.
I recall on another list someone said he had downloaded a malicious html doc
and others on the list claimed that was impossible. This was a long time
ago, like 8 months.
Anyway, the following update is rather alarming:
Of course it is a "problem" but I closed IE before it could dl the file.
I did let konquerer download the file, figured since it was linux it would be
pretty much immune to it.. how ever the Java must be the culprit, allowing it
to write to any writeable shares and aross open network connections
I went to one of those sites with netscape. I downloaded one file (readme).
Once, I got a TESTING message on my browser. Nothing else.
Don't you think that using IE was the problem?
Joel
On Thu, Sep 20, 2001 at 06:15:48PM -0500, Bill Day wrote:
> Its not your fault, Im nosy 8) I did let it dl th
Its not your fault, Im nosy 8) I did let it dl the .eml file but as to how
I got all those and such was wierd.. They even migrated to samba shares(and
winboxes) somehow. I visited one page (206.230.156.209) with I.E. and closed
all open window imdeiately then trie dwith konquerer figured
Quoting Ronnie Gauthier <[EMAIL PROTECTED]>:
> Wow, sorry. I have not had that kind of trouble. I did find that Opera
> tried
> to DL the .eml file. Never had any .eml or .nws files grow on my box. I
>
> really dont understand how that many .eml and .nws files could get to
> your
> box unless
Wow, sorry. I have not had that kind of trouble. I did find that Opera tried
to DL the .eml file. Never had any .eml or .nws files grow on my box. I
really dont understand how that many .eml and .nws files could get to your
box unless it was some type of javascript problem where it looped for
Hell dont do it with any box.. I have been cleaning out *.eml and *.nws files
for hours
There were some 4000 eml files in just my home directory around 600 nws
for a while I couldnt get my kde2 desktop to run.. i could log in it would
load up then my screen would go blank.. dont know why.. som
e the hell they came from...
On Wednesday 19 September 2001 20:08, you wrote:
> yeah I went there ona winbox yesterday, it was the most common hit from
> nimda worm
>
> it opened a folder i immediately closed it
>
> dont really understand what its trying to do other than open a non
yeah I went there ona winbox yesterday, it was the most common hit from
nimda worm
it opened a folder i immediately closed it
dont really understand what its trying to do other than open a non resizeable
window at 6000x6000... I wasa able to avoid being infected do to dialup
since it takes
On Wednesday 19 September 2001 17:59, Ronnie Gauthier babbled:
> is this what the virus does on its own or is this site setup to infect on
> purpose?
the virus does this. neat trick actually..
--
Douglas J. Hunley ([EMAIL PROTECTED]) - Linux User #174778
Admin: http://hunley.homeip.net/
Dont do this with a win box!
Go here. read the page source. Note the javascript
http://208.163.77.109
then get
http://208.163.77.109/readme.eml
is this what the virus does on its own or is this site setup to infect on
purpose?
--
Ronnie
==
Life can be a dream; or it can be a
17 matches
Mail list logo