We have a filter on our e-mail server; it's designed to catch attachments with (among other things) the name "readme.exe". (We actually had this in place before Nimda/Code Rainbow began to run rampant; another worm sends an attachment with the same name.)

So far, we haven't caught a single Code Rainbow/Nimda e-mail. This is odd, because we are constantly receiving (and blocking) other e-mail worms.

Has anyone received Nimda/Code Rainbow in the mail? Is it possible that the worm's e-mailing code is broken? (I sure hope so.)

--Brett

At 01:32 PM 9/18/2001, John Q. Public wrote:

>here I go replying to myself again...
>
>we cannot get it to send mail to a dummy host we have built. It connects
>and sits there. if nimda is waiting for a particular response, it's not
>obvious in the strings of the binary. (and not obvious to someone who
>fears assembly)

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 18:27:24 PDT