At 05:42 PM 9/17/2002 +0800, you wrote: >Hi, need some advice for the below log, can anyone advice if its are a pattern >of Nimda which I find it rather strange because it downloads cool.dll and >httpodbc.dll instead of Admin.dll. Norton Antivirus reported a W32.Nimda.E@MM >(dr) virus, is it a new variant?? Norton is correct. It is .e, and, no, it's not a new variant. It's quite old, and quite active. See: http://www.wormwatch.org/images/WCMthly.html There is quite a bit of Nimda.e, and Nimda.generic (In other words, WormCatcher can't figure out what variant is hitting it), but no Nimda.a this month. There was a little bit last month, but most of it is .e. Roger ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Sep 18 2002 - 13:01:52 PDT