Perhaps people are formatting for XP and reinstalling IIS without the fixes and becoming infected? - James -----Original Message----- From: Jose Nazario [mailto:joseat_private] Sent: Monday, December 03, 2001 1:27 PM To: incidentsat_private Subject: why the nimda upsurge again? in the past week or two i have noticed a strong upsurge in nimda probes and requests, and i know i'm not alone in this. while the bulk of the requests are local (given the mechanism it uses for addressing), several are from outside our network. there is no similar rise appearant in code red v1 or v2. what is the reason for this upsurge again? has anyone been able to figure it out? since nimda appeared XP has been released .. is XP offering a new hole to infect and spread from (just a hypothesis)? thanks ... ____________________________ jose nazario joseat_private PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80 PGP key ID 0xFD37F4E5 (pgp.mit.edu) ------------------------------------------------------------------------ ---- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Dec 04 2001 - 09:30:14 PST