The ideas and opinions expressed in this email do not in any way reflect or represent the opinions of my employer... Has anyone been seeing any new variation of Nimda? From my research Nimda was alleged to be able to spoof the "from" address in its mass-mailing propagation, but I was under the impression that piece was not functional. Twice in the last week I have seen blank messages with the Sample.exe file attachment that are picked up by all major anti-virus software as Nimda, but the from address was spoofed. The systems that were alleged to have propagated the virus checked out clean and did not send any email during the timeframe that the recipients got the infected messages. It seems as if someone has fixed that spoofing functionality but I can't find any evidence of an officially recognized new variant. Has anyone else seen something similar or have any more information on Nimda spoofing the email address? Tony Bradley, MCSE, MCSA, MCP, A+ Threat & Vulnerability Monitor Electronic Data Systems "The price of success is hard work, dedication to the job at hand, and the determination that whether we win or lose, we have applied the best of ourselves to the task at hand." ~ Vince Lombardi ~ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Mar 07 2002 - 18:34:18 PST