Security Incidents mailing list archives
Re: Win32.Invalid.A@mm
From: "Nick FitzGerald" <nick () virus-l demon co uk>
Date: Sun, 2 Sep 2001 11:20:38 +1200
Ryan Russell <ryan () securityfocus com> wrote:
> http://www.centralcommand.com/aug30.html
>
> Anyone seen a copy of this, yet? It's another worm that purports to be a Microsoft Advisory, this one about an invalid SSL certificate.
As already discussed on focus-virus, this is a media event, not a virus event. Perhaps Central Command's sales have been down this quarter and they felt they needed a publicity boost?

By the time Central Command issued its press release, and thus well before any of the major media outlets picked it up, the mail server this thing is hard-coded to relay through had been "fixed" to prevent (externally sourced) relaying, so its distribution mechanism was broken and the threat averted (apart from however many copies may have already been posted and waiting in mailboxes for the unwary to run and thus unleash the EXE-crypting payload).

MessageLabs' statistics suggest that a trifling handful of people may have been affected by it before the mail relay was stopped. As I write, there have been fewer than 8 detects on ML's current day counter (which could mean zero -- they list the "top ten" and tenth place was Hybris.D with 8 detects), none in their September "Threat List" and none in their August "Threat List". Despite that, private communication from ML suggests they did see a very small number over Thursday/Friday.

Regards,

Nick FitzGerald