On Mon, 3 Dec 2001, Dug Song wrote:

> are you sure it's Nimda you're looking at?

i'm pretty confident it is. on the basis of the mail tags i have seen (using the nimda, not the nimda.e, content boundary tag) from infected machines, together with the scan pattern, it appears to be nimda, not nimda.e. saw some nimda.e, of course, but this appears to be genuine nimda mostly, with some nimda.e thrown in for good measure.

____________________________
jose nazario joseat_private
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com