Re: why the nimda upsurge again?

From: Jose Nazario (joseat_private)
Date: Tue Dec 04 2001 - 07:50:16 PST

  • Next message: j.e.r.k. ROCKS: "Re: solaris nscd cores"

    On Mon, 3 Dec 2001, Dug Song wrote:
    
    > are you sure it's Nimda you're looking at?
    
    i'm pretty confident it is. on the basis of the mail tags i have seen
    (using the nimda, not the nimda.e, content boundary tag) from infected
    machines, together with the scan pattern, it appears to be nimda, not
    nimda.e. saw some nimda.e, of course, but this appears to be genuine
    nimda mostly, with some nimda.e thrown in for good measure.
    
    ____________________________
    jose nazario						     joseat_private
    	      	     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
    				       PGP key ID 0xFD37F4E5 (pgp.mit.edu)
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Tue Dec 04 2001 - 10:17:19 PST