Re: Nimda.E/unknown memory resident, internet-aware processes

From: Johannes Ullrich (jullrichat_private)
Date: Thu Mar 20 2003 - 08:03:05 PST


    > Anyone seen this before?
    
    Typical 'botnet'. Not sure which code they are using, but this basic
    setup is very common.
    
    The fact that the machine eventually got infected with Nimda just
    shows that it was vulnerable all along. Finding multiple backdoors
    on machines like this is common.
    
    -- 
    --------------------------------------------------------------------
    jullrichat_private             Collaborative Intrusion Detection
                                             join http://www.dshield.org
    
    



    This archive was generated by hypermail 2b30 : Thu Mar 20 2003 - 09:24:12 PST