Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > NTBugtraq> 1999-q4

NTBugtraq And NTSecurity Archives: Alert: W32.NewApt.Worm being

Alert: W32.NewApt.Worm being sent to NTBugtraq subscribers

Subject: Alert: W32.NewApt.Worm being sent to NTBugtraq subscribers
From: Russ (Russ.CooperRC.ON.CA)
Date: Thu Dec 16 1999 - 09:12:45 CST

Next message: Jesse Aaron Safir: "New ACL editor from SCM in Win9x NT Server Tools?"
Previous message: luciano: "Infoseek Ultraseek Remote Buffer Overflow"
Next in thread: Russ: "Re: Alert: W32.NewApt.Worm being sent to NTBugtraq subscribers"
Reply: Russ: "Re: Alert: W32.NewApt.Worm being sent to NTBugtraq subscribers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----

Folks,

I have now received two notices from past posters that they have
received the W32.NewApt.Worm in response to messages they previously
sent to NTBugtraq. In one case, the original message was sent in
February, in the other, it was sent in June.

In one case the message appeared to be sent from
ntbugtraqlistserv.ntbugtraq.com. In the other case it appeared to
come to the original poster, from the original poster. Clearly how
your SMTP server displays headers may affect how it appears.

In any event, the subject line is an old NTBugtraq message subject
line. The message includes at least one attachment, g-zilla.exe. The
attachment is the Worm.

Read my Safe Email Practices Open Letter and distribute it as widely
as you see fit.
http://ntbugtraq.ntadvice.com/safemail.asp

I suspect that the worm is probably being sent to NTBugtraq
subscribers due to one subscriber being infected and causing old
NTBugtraq messages to be seen as new messages in their email client
(which can happen in Exchange, for example, when you copy a folder
over from one mailbox/PF to another). I don't believe we're being
targeted specifically, although this may be the case.

In any event, make sure you have updated your AV engines since this
virus was first discovered this week.

Some descriptions of the worm;

Trend Micro Description
http://www.antivirus.com/vinfo/security/sa121499.htm

NAI Avert Description
http://vil.nai.com/vil/wm10475.asp

Symantec Description
http://www.symantec.com/avcenter/venc/data/worm.newapt.html

F-Secure Description
http://www.europe.f-secure.com/v-descs/newapt.htm

Cheers,
Russ - NTBugtraq Editor

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.2

iQCVAwUBOFkCVBBh2Kw/l7p5AQEnUAQA4cJGGS75T7ZRMjAACJQQAtLUC4mRpnkn
Gjzm3YeQ7HImZ3GyFNcta0bKH+r/XeCJdqVGwJQ5Gf+H+hVMn1Oo3+JXwBUESJmp
3p0LZ8fsAvKRItO8OwLyED+OvCiJVeoWVQGAkq1pV/NDBeNRHIMUATWq7156fdFC
i2llqaHpFz8=
=cpMm
-----END PGP SIGNATURE-----

Next message: Jesse Aaron Safir: "New ACL editor from SCM in Win9x NT Server Tools?"
Previous message: luciano: "Infoseek Ultraseek Remote Buffer Overflow"
Next in thread: Russ: "Re: Alert: W32.NewApt.Worm being sent to NTBugtraq subscribers"
Reply: Russ: "Re: Alert: W32.NewApt.Worm being sent to NTBugtraq subscribers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b27 : Thu Dec 16 1999 - 09:14:31 CST