FYI: followup on 911 "share" virus.

David Collier-Brown - Sun Canada davecb at scot.canada.sun.com
Fri Apr 7 11:25:39 GMT 2000


The SANS Institute <sans at sans.org> wrote:
| This week saw many immediate alerts (including those from SANS and NIPC)
| about the "911" virus. Symantec has dubbed it "BAT.Chode.Worm." The
| virus is actually a set of batch files; its propagation method is
| similar to "net use /yes j: \\RANDOM-IP" and it attempts to find
| non-password-protected shares on a system (presumably Microsoft Windows
| 95/98). The actual modem interaction portion is due to an "echo A | echo
| ATDT 911 | COM2" type of command. Note that there seem to be at least
| three variants of this virus. More information can be found at:
| http://www.nipc.gov/nipc/advis00-038.htm
| http://www.symantec.com/avcenter/venc/data/bat.chode.worm.html
| http://archives.neohapsis.com/archives/ntbugtraq/current/0020.html
| http://archives.neohapsis.com/archives/ntbugtraq/current/0016.html

--dave
--
David Collier-Brown in Boston
Phone: (781) 442-0734, Room BUR03-3632


