Re: Nimda.E/unknown memory resident, internet-aware processes

From: Johannes Ullrich (jullrichat_private)
Date: Thu Mar 20 2003 - 08:03:05 PST

Next message: Pierre Vandevenne: ""webmoney" trojan and COM interface analysis"

Previous message: Matt Hornsby: "Nimda.E/unknown memory resident, internet-aware processes"
In reply to: Matt Hornsby: "Nimda.E/unknown memory resident, internet-aware processes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Anyone seen this before?

typical 'botnet'. Not sure which code they are using, but this basic
setup is very common.

The fact that the machine got eventually infected with Nimda just
shows that it was vulnerable all along. Finding multiple backdoors
on machines like this is common. 

-- 
--------------------------------------------------------------------
jullrichat_private             Collaborative Intrusion Detection
                                         join http://www.dshield.org

----------------------------------------------------------------------------

<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>

Next message: Pierre Vandevenne: ""webmoney" trojan and COM interface analysis"
Previous message: Matt Hornsby: "Nimda.E/unknown memory resident, internet-aware processes"
In reply to: Matt Hornsby: "Nimda.E/unknown memory resident, internet-aware processes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Mar 20 2003 - 09:24:12 PST