why the nimda upsurge again?

From: Jose Nazario (joseat_private)
Date: Mon Dec 03 2001 - 10:27:27 PST

Next message: Konrad Rieck: "Re: linux 'zoot' rootkit/DoSkit/etc"

Previous message: Armando B. Ortiz: "Re: Attacks against SSH?"
Next in thread: Dug Song: "Re: why the nimda upsurge again?"
Reply: Dug Song: "Re: why the nimda upsurge again?"
Reply: James: "RE: why the nimda upsurge again?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

in the past week or two i have noticed a strong upsurge in nimda probes
and requests, and i know i'm not alone in this. while the bulk of the
requests are local (given the mechanism it uses for addressing), several
are from outside our network. there is no similar rise appearant in code
red v1 or v2.

what is the reason for this upsurge again? has anyone been able to figure
it out? since nimda appeared XP has been released .. is XP offering a new
hole to infect and spread from (just a hypothesis)?

thanks ...

____________________________
jose nazario						     joseat_private
	      	     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
				       PGP key ID 0xFD37F4E5 (pgp.mit.edu)


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Konrad Rieck: "Re: linux 'zoot' rootkit/DoSkit/etc"
Previous message: Armando B. Ortiz: "Re: Attacks against SSH?"
Next in thread: Dug Song: "Re: why the nimda upsurge again?"
Reply: Dug Song: "Re: why the nimda upsurge again?"
Reply: James: "RE: why the nimda upsurge again?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Dec 03 2001 - 13:29:46 PST