[Dshield] Look at this Nitwit

Rick Klinge rick at jaray.net
Thu Jan 29 01:20:58 GMT 2004

Why not just turn it back on itself?  Just add this puppy into your
exsisting 404 page.. Grab a cup of coffee and have a wonderful day.


'Get the entire URL requested

'A list of filenames Nimda looks for

'Detect a GET request from the Nimda virus and take appropriate action

 for i=0 to UBound(arrBadString)
 if inStr(myRequest,arrBadString(i))>0 then
 'turn offending server back on itself
 Response.redirect ""
 end if

> -----Original Message-----
> From: list-bounces at dshield.org 
> [mailto:list-bounces at dshield.org] On Behalf Of David Hart
> Sent: Wednesday, January 28, 2004 4:41 PM
> To: General DShield Discussion List
> Subject: Re: [Dshield] Look at this Nitwit
> On Wed, 2004-01-28 at 16:50, Keith Bergen wrote:
> > Yes. That is a Windows IIS server that is infected with the
> > Nimda virus and trying to propagate it to your box. There's 
> > probably not a lot you can do about it apart from sending an 
> > email to his provider with the logs. . . . 
> Thanks
> How do you feel about a zero-byte default.ida? It saves some 
> cycles. any downside?
> > 
>                                ---------
>             Quality Management - A Commitment to Excellence

Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.

More information about the list mailing list