-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I am releasing a tool that I have written that monitors port 80 loging servers infected by Nimda. However the point of the tool is not just to log infected servers but to look for variants. As we have seen in the past worms being released in the wild then rereleased with new logic, Worm Watcher will log changes made to http requests, number requested, the order they are requested etc. This will spot a rereleased version of Nimda that we know will be in the wild in a matter of time. screen shot ( http://www.hackersdigest.com/wormwatch/wormwatch.jpg ) source code ( http://www.hackersdigest.com/wormwatch/wormwatch.zip ) H A C K E R ' S D I G E S T - -------------------------------------------------- A Magazine For People Like You - -------------------------------------------------- www.hackersdigest.com -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBO6ihVhvYMaRdXcazEQJRxQCfWdkZYQaYbPUX+6K9kOHwuxFI0pAAniF1 p7ab1HcYl/3UC0Ot21xQxMYP =t0RK -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Sep 19 2001 - 08:51:18 PDT