[Dshield] NIMDA.E?

Johannes B. Ullrich jullrich at euclidian.com
Tue Oct 30 18:24:54 GMT 2001

Nimda.E is active and "out there". I got a couple of emails with it 
attached. It is basically a streamlined Nimda version. Nothing 
earth-shattering and I don't expect its impact to be any larger than the 
old Nimda (which is bad enough).

To submit weblogs, we got a new script to filter these events

There should be some analysis at incidents.org shortly.

If you haven't patched IIS yet, it will get you. But on the other hand, 
you are unlikely to read this email if you haven't... BTW: Outlook Express 
5.x will open Nimda emails without warning....

I am also thinking about a more general "web log anomaly detector" but it 
slipped down in my priority scale. Let me know if anyone is interested.

On Tue, 30 Oct 2001, MARK HOUPT wrote:

> Found on Symantec's site and others that NIMDA.E is out. Question is, has anyone seen it? Is anything happening with it or is it a dud like the other follow-on versions of NIMDA?
> Thanks,
> Mark Houpt
> Senior Information Security Analyst
> Sallie Mae 
> (317) 594-1993
> mhoupt at salliemae.com

-- 
-------
jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System
