[Dshield] Look at this Nitwit
rick at jaray.net
Thu Jan 29 01:20:58 GMT 2004
Why not just turn it back on itself? Just add this puppy into your
exsisting 404 page.. Grab a cup of coffee and have a wonderful day.
'Get the entire URL requested
'A list of filenames Nimda looks for
'Detect a GET request from the Nimda virus and take appropriate action
for i=0 to UBound(arrBadString)
if inStr(myRequest,arrBadString(i))>0 then
'turn offending server back on itself
> -----Original Message-----
> From: list-bounces at dshield.org
> [mailto:list-bounces at dshield.org] On Behalf Of David Hart
> Sent: Wednesday, January 28, 2004 4:41 PM
> To: General DShield Discussion List
> Subject: Re: [Dshield] Look at this Nitwit
> On Wed, 2004-01-28 at 16:50, Keith Bergen wrote:
> > Yes. That is a Windows IIS server that is infected with the
> > Nimda virus and trying to propagate it to your box. There's
> > probably not a lot you can do about it apart from sending an
> > email to his provider with the logs. . . .
> How do you feel about a zero-byte default.ida? It saves some
> cycles. any downside?
> Quality Management - A Commitment to Excellence
Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.
More information about the list