Johannes B. Ullrich
jullrich at euclidian.com
Tue Oct 30 18:24:54 GMT 2001
-----BEGIN PGP SIGNED MESSAGE-----
Nimda.E is active and "out there". I got a couple of emails with it
attached. It is basically a streamlined Nimda version. Nothing
earth-shattering and I don't expect its impact to be any larger than the
old Nimda (which is bad enough).
To submit weblogs, we got a new script to filter these events
There should be some analysis at incidents.org shortly.
If you haven't patched IIS yet, it will get you. But on the other hand,
you are unlikely to read this email if you haven't... BTW: Outlook Express
5.x will open Nimda emails without warning....
I am also thinking about a more general "web log anomaly detector" but it
slipped down in my priority scale. Let me know if anyone is interested.
On Tue, 30 Oct 2001, MARK HOUPT wrote:
> Found on Symantecs site and others that NIMDA.E is out. Question is, has anyone seen it? Is anything happening with it or is it a dud like the other follow on versions of NIMDA?
> Mark Houpt
> Senior Information Security Analyst
> Sallie Mae
> (317) 594-1993
> mhoupt at salliemae.com
jullrich at sans.org Join http://www.DShield.org
Distributed Intrusion Detection System
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----
More information about the list