RE: nimda tries to send mail after reboot

From: Don Weber (Donat_private)
Date: Tue Sep 18 2001 - 18:29:51 PDT

    I personally have received it twice today, and a number of people in my company
    have received it at least once. Both times I received it, it was from a different
    email address.
    
    Don
    
    
    -----Original Message-----
    From: Brett Glass [mailto:brettat_private]
    Sent: Tuesday, September 18, 2001 3:40 PM
    To: John Q. Public; incidentsat_private;
    bugtraqat_private
    Subject: Re: nimda tries to send mail after reboot
    
    
    We have a filter on our e-mail server; it's designed to catch
    attachments with (among other things) the name "readme.exe".
    (We actually had this in place before Nimda/Code Rainbow
    began to run rampant; another worm sends an attachment with
    the same name.)
    
    So far, we haven't caught a single Code Rainbow/Nimda e-mail.
    This is odd, because we are constantly receiving (and blocking)
    other e-mail worms.
    
    Has anyone received Nimda/Code Rainbow in the mail? Is it possible
    that the worm's e-mailing code is broken? (I sure hope so.)
    
    --Brett
    
    At 01:32 PM 9/18/2001, John Q. Public wrote:
    
    >here I go replying to myself again...
    >
    >we cannot get it to send mail to a dummy host we have built.  It connects
    >and sits there.  if nimda is waiting for a particular response, it's not
    >obvious in the strings of the binary.  (and not obvious to someone who
    >fears assembly)
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com
    
    
    
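The attachment-name filter Brett describes, written out as an added example (not code from any poster or from SecurityFocus). It walks every MIME part, takes the filename from Content-Disposition and falls back to the Content-Type name= parameter, and matches case-insensitively, since a mailer that omits Content-Disposition or upper-cases the name would otherwise slip past a naive check. The sample messages and addresses are constructed.

```python
import email
from email import policy

# Attachment names the filter rejects; "readme.exe" is the name named on the list.
BLOCKED_NAMES = {"readme.exe"}

def flagged_attachments(raw_bytes):
    """Return the attachment filenames in a raw RFC 2822 message that match
    BLOCKED_NAMES, case-insensitively. get_filename() reads the
    Content-Disposition filename= parameter and, if that header is absent,
    falls back to the Content-Type name= parameter."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no attachment of their own
        name = part.get_filename()
        if name and name.strip().lower() in BLOCKED_NAMES:
            hits.append(name)
    return hits

# Constructed sample: the attachment name appears only in Content-Type,
# with no Content-Disposition header and in upper case.
SAMPLE_SUSPECT_MAIL = b"""From: someone@example.invalid
To: user@example.invalid
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

hello
--BOUND
Content-Type: application/octet-stream; name="README.EXE"
Content-Transfer-Encoding: base64

QUJD
--BOUND--
"""

# Constructed sample: an ordinary attachment that must not be flagged.
SAMPLE_CLEAN_MAIL = SAMPLE_SUSPECT_MAIL.replace(
    b'Content-Type: application/octet-stream; name="README.EXE"',
    b'Content-Type: text/plain\nContent-Disposition: attachment; filename="notes.txt"')

if __name__ == "__main__":
    print("suspect:", flagged_attachments(SAMPLE_SUSPECT_MAIL))  # ['README.EXE']
    print("clean:", flagged_attachments(SAMPLE_CLEAN_MAIL))      # []
```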
    



    This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 19:37:08 PDT