NAI avertlabs marked is as "high", but their VIL database is know giving some technical errors. These are few vendor responses (not much information though): Sophos http://www.sophos.com/virusinfo/analyses/w32nimdaa.html NAI http://vil.nai.com/vil/virusSummary.asp?virus_k=99209 F-Secure http://www.f-secure.com/v-descs/nimda.shtml Symantec http://www.sarc.com/avcenter/venc/data/w32.nimda.aat_private Also NAI calls it Minda, and not Nimda ;) From their info it says - The virus contains the string :Concept Virus(CV) V.5, Copyright(c) 2001 R.P.China , so reffer to Defcom's Olle Segerdahl post to Incidents and Bugtraq... Berislav Kucan Help Net Security - http://www.net-security.org IP-Solutions - http://www.ip-solutions.dk E-mail: bkucan@net-security.org Phone: +385 91 513 9159 *********** REPLY SEPARATOR *********** On 9/18/2001 at 10:57 AM Brett Glass wrote: >At 10:21 AM 9/18/2001, Jay D. Dyson wrote: > >> It's a two-prong worm. It appears to be primarily disseminated >>via e-mail, and then launches its attacks on web hosts upon successful >>infection. > >Newsbytes is calling this worm "Code Rainbow," while some of the antivirus >firms seem to be calling it "W32.Nimda.A@mm". ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 10:31:09 PDT