David Collier-Brown - Sun Canada
2000-Apr-07 11:25 UTC
FYI: followup on 911 "share" virus.
The SANS Institute <sans@sans.org> wrote: | This week saw many immediate alerts (including those from SANS and NIPC) | about the "911" virus. Symantec has dubbed it "BAT.Chode.Worm." The | virus is actually a set of batch files; its propagation method is | similar to "net use /yes j: \\RANDOM-IP" and it attempts to find | nonpassword protected shares on a system (presumably Microsoft Windows | 95/98). The actual modem interaction portion is due to a "echo A | echo | ATDT 911 | COM2" type of command. Note that there seems to be at least | three variants of this virus. More information can be found at: | http://www.nipc.gov/nipc/advis00-038.htm | http://www.symantec.com/avcenter/venc/data/bat.chode.worm.html | http://archives.neohapsis.com/archives/ntbugtraq/current/0020.html | http://archives.neohapsis.com/archives/ntbugtraq/current/0016.html --dave -- David Collier-Brown in Boston Phone: (781) 442-0734, Room BUR03-3632