RE: Second wave of Nimda?

From: Megyesi, Heather (HEATHERMat_private)
Date: Thu Sep 27 2001 - 13:17:03 PDT


    I've seen the same thing....
    in a couple of different places...
    CERT is also showing an advisory
    ----------------------------------------------------------------------------
    
    W32/Nimda
    The CERT/CC continues to receive a steady stream of reports of W32/Nimda
    although the volume of reports has dropped significantly since it first
    appeared on September 18th. However, the W32/Nimda worm contains code that
    will cause an infected host to send infected email messages every 10 days.
    Hosts that were initially infected on Tuesday, September 18th and not
    recovered could start sending another round of messages tomorrow, September
    28th. 
    
    
    
    -----Original Message-----
    From: Tracey Losco [mailto:tal1at_private]
    Sent: Thursday, September 27, 2001 12:26 PM
    To: incidentsat_private
    Subject: Second wave of Nimda?
    
    
    Has anyone heard of this and is there any merit in its possibility? 
    In the code for the worm, there was a "get system time" call...I was 
    wondering whether or not it was for computations or whether it was a 
    timer....if this is true, it looks like it was a timer....
    
    Researchers say Nimda set to propagate again
    
    By Deborah Radcliff, Computerworld online
    September 27, 2001 10:52 am PT
    
    
    
    RESEARCHERS HAVE DISCOVERED a third vector to the Nimda worm, which is
    set to propagate again through e-mail at 1 a.m. ET Friday.
    
    The website is located:
    
    http://www.infoworld.com/articles/hn/xml/01/09/27/010927hnnimbda.xml?0927alert
    
    --------------------------------------------------------------------
    Tracey Losco
    Network Security Analyst		securityat_private
    ITS - Network Services			http://www.nyu.edu/its/security
    New York University			(212) 998 - 3433
    
    PGP Fingerprint: 8FFB FE47 6156 7BF0  B19E 462B 9DFE 51F5
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    
    



    This archive was generated by hypermail 2b30 : Thu Sep 27 2001 - 15:43:59 PDT