I've seen the same thing.... in a couple of different places... CERT is also showing an advisory

----------------------------------------------------------------------------
W32/Nimda

The CERT/CC continues to receive a steady stream of reports of W32/Nimda although the volume of reports has dropped significantly since it first appeared on September 18th. However, the W32/Nimda worm contains code that will cause an infected host to send infected email messages every 10 days. Hosts that were initially infected on Tuesday, September 18th and not recovered could start sending another round of messages tomorrow, September 28th.

-----Original Message-----
From: Tracey Losco [mailto:tal1at_private]
Sent: Thursday, September 27, 2001 12:26 PM
To: incidentsat_private
Subject: Second wave of Nimda?

Has anyone heard of this and is there any merit in its possibility? In the code for the worm, there was a "get system time" call...I was wondering whether or not it was for computations or whether it was a timer....if this is true, it looks like it was a timer....

Researchers say Nimda set to propagate again
By Deborah Radcliff, Computerworld online
September 27, 2001 10:52 am PT

RESEARCHERS HAVE DISCOVERED a third vector to the Nimda worm, which is set to propagate again through e-mail at 1 a.m. ET Friday.

The website is located:
http://www.infoworld.com/articles/hn/xml/01/09/27/010927hnnimbda.xml?0927alert

--------------------------------------------------------------------
Tracey Losco
Network Security Analyst    securityat_private
ITS - Network Services      http://www.nyu.edu/its/security
New York University         (212) 998 - 3433
PGP Fingerprint: 8FFB FE47 6156 7BF0 B19E 462B 9DFE 51F5

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Sep 27 2001 - 15:43:59 PDT