incidents 2001/09
By Subject
489 messages sorted by:
[ author ]
[ date ]
[ thread ]
Other mail archives
Starting: Sun Sep 02 2001 - 02:14:50 PDT
Ending: Mon Oct 01 2001 - 08:45:46 PDT
- [GFISEC] Nimda worm analysis
- [unisog] Some more details on the worm
- A suggestion to Concept/Nimda analysts
- Active defense gets serious: Announcing LaBrea 2.0
- Any one seen any evidence of "Code Blue?"
- Apache rewrite rules and error msgs & Nimda
- AW: Hacked using vulnerable FTP daemon.
- Bug in Apache 1.3.20 Server - Hackemate Research
- Code Red - A Possible Origin?
- code red attacks and real-time blackhole'ng
- Code Red Specifics
- code red to ftp?
- Code red variants?
- CodeBlue finally hitting, or what?
- command execution attempts
- concept virus
- Concept Virus / Nimda
- Concept Virus(CV) V.5 - Advisory and Quick analysis
- Concept Virus(CV) V.5 - Quick analysis update
- Concept Virus/Nimda sendmail-filter.
- Contact for McDonnell Douglas Corporation (NET-MDC-NET)
- Corrupted IE with nimda virus
- Curious AV behavior wrt Nimda
- Dead Thread - Nimda et.al. versus ISP responsibility
- Detailed Nimda Analysis Report
- DMCA Strikes again
- Explorer Dr. Watsons
- FBI Virus Alerts
- formmail
- Fwd: Massive CMD.EXE and ROOT.EXE scan
- Guess the tool...
- Hacked using vulnerable FTP daemon.
- Hacked using vulnerable FTP daemon. -- next steps
- IE 5.5 SP2 incident
- Incident Response
- Information site
- Interesting Scan--Looks like a new worm.
- is this new
- JRun 3.0 SP2 Vulnerability??
- Lengthy probes of port 8500
- Loopback traffic on the net
- Lots and lots of DNS lookups and increased number of /default .ida?XXXXXXXXXXXXXXXXXXXXXXXX...s
- Lots and lots of DNS lookups and increased number of /default.ida?XXXXXXXXXXXXXXXXXXXXXXXX...s
- massive cmd.exe and root.exe attempts
- Massive CMD.EXE and ROOT.EXE scan
- McAfee Stand-alone removal tool
- McAffee and Removal for W32/Nimda@MM?
- Microsoft advisory
- Middle East Attacks
- More complete log - looks viral to me...
- MS denys Nimda infection
- Mutex
- New "concept" virus/worm?
- New book worth taking a look at
- New Linux Trojan
- New variant of Magistr virus discovered
- New Version of Retina Nimba Scanner
- New Virus (TROJ_VOTE.A)
- New worm ??
- New worm attacking MS DNS servers?
- New worm behavior ?
- New Worm or Attack
- New worm segfaults apache
- New worm? 'readme.eml'
- Nimda - collected information
- Nimda - Local Privilege escalation?
- Nimda affecting HP LaserJet / JetDirect devices?
- Nimda affecting Linux?
- Nimda and others filter for apache
- Nimda and samba, chap II (20010531?)
- Nimda Apache RedirectMatch results
- Nimda esponsibility - Laying appropriatel - implied warranty of sale
- Nimda et.al. versus ISP responsibility
- Nimda et.al. versus ISP responsibility - Laying responsibilit y where it belongs
- Nimda et.al. versus ISP responsibility - Laying responsibility where it belongs
- Nimda et.al. versus ISP responsibility ---> a few thoughts
- Nimda et.al. versus ISP responsibility]
- NIMDA has a built in timer? No hits lately
- Nimda infecting executables
- nimda modem activity?
- Nimda mostly infects /8-locally.
- Nimda on Mac?
- Nimda Poison Pill
- Nimda Probes by Hour
- Nimda probes from way off IP addresses
- Nimda Probes Stopped
- Nimda repair problems
- nimda subject line
- nimda tries to send mail after reboot
- Nimda Worm
- Nimda Worm Alert
- Nimda Worm Mitigation
- Nimda Worm Mitigation: Snort
- Nimda.amm: anecdotal symptoms
- NIPC Advisory 01-021, "Potential DDoS Attacks"
- Our sumary of the NIMDA (CV) worm
- packets in my network
- Ping Scan
- Please tell me I'm wrong: microsoft.com infected
- Port 6635
- possible early worm vector?
- Possible new trojan?
- Possible new worm using directory traversal vulnerability?
- Pretty stealthy SSH scanning seen on the Internet.
- pubdestroyer2001.exe via anonymous FTP?
- Question
- Re(2): Nimda Probes Stopped
- Recent Increase in Port 139 Activity
- Recovery documentation
- Red Cross Fraud
- Red Cross Fraud: NOT
- Rekindled sploit scanning?
- Remote Shell Trojan: Threat, Origin and the Solution
- Retina-Nimda Scanner detects Win9x as infected...
- riched20.dll
- rpc.statd root on a Redhat 7.0 box....
- Run a mail host with a public MX record? Seeing large numbers of bounces?
- Run a mail host with a public MX record? Seeing large numbers of bounces?)
- RV: packets in my network
- Scan of the Month - September
- Second wave of Nimda?
- similar problems to (NET-MDC-NET)
- slowing down the spread of worms
- Some brief details on new worm
- Some more details on the worm
- ssh scans
- strange codered2-like request
- Strange debug output (HTTP)
- Strange entries in Apache access_log
- Strange traffic
- Strange traffic ....
- Strange traffic .... (final)
- Superkay.com:888
- SV: New worm behavior ?
- Symantec Security Response - W32.Nimda.A@mm Removal Tool
- Syn packets hitting port 80, not webserver
- Terrorist attacks today
- Terroristic attacks today
- test for browser vulnerability
- Time.com security contact?
- Tracking down the still infected hosts
- TROJ_VOTE.A (WTC.EXE)
- update: port 139 traffic
- Upgrading IE detects Nimda ?
- Using NBAR to stop your users from geting Nimda from a web page
- Vacation Troller, Please Ignore.
- VIRUS Riddled MIRC program?
- W32.Nimda disassembly/analysis
- W32.Nimda Infecting Executables !!!! :-(
- W32.Nimda.A@mm Worm Behavior
- Warning & Indicators - Cyber Conflict
- WARNING: Trojan Horse Disguised as Message from SecurityFocus and TrendMicro
- Web site infected by Nimda
- WebDAV Propfind? Anyone?
- Website automating download of readme.eml
- Wierd .ida request? What is it?
- Win32.Invalid.A@mm
- WORM FORENSICS?
- x.c worm analysis
- XdesktopdesktopdesktoNew email based virus - first one just arrived here...
- Yet Another Nimda Thread (YANT)
Last message date: Mon Oct 01 2001 - 08:45:46 PDT
Archived on: Mon Oct 01 2001 - 08:45:49 PDT
489 messages sorted by:
[ author ]
[ date ]
[ thread ]
Other mail archives
This archive was generated by hypermail 2b30
: Mon Oct 01 2001 - 08:45:49 PDT