hwg-techniques archives Sep 2001 new search results previous next

RE: Please Read This Announcement Everyone

by "Timothy Embler" <tembler(at)ultimatewebcreations.com>

 Date:  Tue, 18 Sep 2001 10:45:14 -0700
 To:  <rob(at)tconsult.com>,
<hwg-techniques(at)hwg.org>
 In-Reply-To:  tconsult
  todo: View Thread, Original 
It must have executed the attachment that came with it.

Name of attachment: README.EXE 



-----Original Message-----
From: Rob Taylor [mailto:rob(at)tconsult.com] 
Sent: Tuesday, September 18, 2001 11:46 AM
To: Timothy Embler; hwg-techniques(at)hwg.org
Subject: RE: Please Read This Announcement Everyone


It doesn't have to say it.  I know because I got it.
And I got another one sitting here that I won't touch
until I find a tool to get it off.  If you like I can 
send it to you so you can test it?  I guarantee you when
you are done you'll agree with me.



-----Original Message-----
From: Timothy Embler [mailto:tembler(at)ultimatewebcreations.com]
Sent: Tuesday, September 18, 2001 12:39 PM
To: rob(at)tconsult.com; hwg-techniques(at)hwg.org
Subject: RE: Please Read This Announcement Everyone


It looks like you meant :

http://securityresponse.symantec.com/avcenter/venc/data/pf/w32.nimda.a@m
m.html

I do not see where it states it is activated by highlighting the subject
line.

"Compromised servers may display a webpage prompting a visitor to
download an Outlook file which contains the worm as an attachment"



-----Original Message-----
From: Rob Taylor [mailto:rob(at)tconsult.com] 
Sent: Tuesday, September 18, 2001 11:38 AM
To: Timothy Embler; hwg-techniques(at)hwg.org
Subject: RE: Please Read This Announcement Everyone


No its not doubtful at all.  You don't need to open email
to have viruses run.  Nor would I ever hoax anyone on this list.  

Read this
http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.a(at)mm.h




-----Original Message-----
From: Timothy Embler [mailto:tembler(at)ultimatewebcreations.com]
Sent: Tuesday, September 18, 2001 12:28 PM
To: rob(at)tconsult.com; hwg-techniques(at)hwg.org
Subject: RE: Please Read This Announcement Everyone


Sounds like a hoax to me.  Highlighting the subject is causing it to
load?  Seems doubtful.  Where did you hear about this from?

-----Original Message-----
From: owner-hwg-techniques(at)hwg.org [mailto:owner-hwg-techniques(at)hwg.org]
On Behalf Of Rob Taylor
Sent: Tuesday, September 18, 2001 9:04 AM
To: hwg-techniques(at)hwg.org
Subject: Please Read This Announcement Everyone


Hello everyone

I know it is not good practice to send messages about viruses but there
is a nasty one going around.  It has no attachment and it will run just
by highlighting the subject.  Any emails you receive that have the
subject "sample ads sample ads sample ads sample ads sample ads sample
ads sample ads " is a vicious virus of some kind.  I believe it is
grabbing IP addresses (probably from domains in your mailbox) and then
launching heavy denial of service attacks on those web sites.  I habeen
in contact with 3 ISPs this morning who are experiencing difficulties.

Again this is not a hoax and I am only trying to spare some grief.

Regards,

Rob Taylor
TConsult, Inc.
www.tconsult.com
Bullet Proof Member Services Sites
716-367-2483
rob(at)tconsult.com

HWG hwg-techniques mailing list archives, maintained by Webmasters @ IWA