Security Incidents mailing list archives

Re: Another Nimda attack??

From: Roger Thompson <rogert () mindspring com>
Date: Tue, 17 Sep 2002 20:57:15 -0400

At 05:42 PM 9/17/2002 +0800, you wrote:

Hi, need some advice for the below log, can anyone advice if its are a pattern
of Nimda which I find it rather strange because it downloads cool.dll and
httpodbc.dll instead of Admin.dll.  Norton Antivirus reported a W32.Nimda.E@MM
(dr) virus, is it a new variant??

Norton is correct. It is .e, and, no, it's not a new variant. It's quiteold, and quite active. See:


http://www.wormwatch.org/images/WCMthly.html

There is quite a bit of Nimda.e, and Nimda.generic (In other words,WormCatcher can't figure out what variant is hitting it), but no Nimda.athis month. There was a little bit last month, but most of it is .e.


Roger


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.

For more information on this free incident handling, managementand tracking system please see: http://aris.securityfocus.com

Current thread:

Another Nimda attack?? Eugene Chua Yew Gin (Sep 17)
- Re: Another Nimda attack?? Roger Thompson (Sep 18)