[Dshield] NIMDA.E?

Johannes B. Ullrich jullrich at euclidian.com
Tue Oct 30 18:24:54 GMT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Nimda.E is active and "out there". I got a couple of emails with it 
attached. It is basically a streamlined Nimda version. Nothing 
earth-shattering and I don't expect its impact to be any larger than the 
old Nimda (which is bad enough).

To submit weblogs, we got a new script to filter these events
(http://www.dshield.org/nimda.html)

There should be some analysis at incidents.org shortly.

If you haven't patched IIS yet, it will get you. But on the other hand, 
you are unlikely to read this email if you haven't... BTW: Outlook Express 
5.x will open Nimda emails without warning....

I am also thinking about a more general "web log anomaly detector" but it 
slipped down in my priority scale. Let me know if anyone is interested.
 

On Tue, 30 Oct 2001, MARK HOUPT wrote:

> Found on Symantec's site and others that NIMDA.E is out. Question is, has anyone seen it? Is anything happening with it or is it a dud like the other follow-on versions of NIMDA?
> 
> Thanks,
> 
> Mark Houpt
> Senior Information Security Analyst
> Sallie Mae 
> (317) 594-1993
> mhoupt at salliemae.com
> 
> 

- -- 
- -------
jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE73vB3VOIizK5pIDMRAnsVAKC4WETrvO26SXBNXW5r5JqXQW6CVgCbBpeX
qMNOHCa23ME3robHISE5xQU=
=G97b
-----END PGP SIGNATURE-----



