Security Incidents mailing list archives
Newest Nimda variant? Scanning ftp,telnet,smtp,snmp?
From: Glenn Forbes Fleming Larratt <glratt () io com>
Date: Wed, 19 Dec 2001 23:14:49 -0600 (CST)
Can someone point me to a recent and fairly complete Nimda analysis? I have logs of an infected host that's not only doing the "GET .../c+dir" thing and scanning for Windows shares, but also scanning for open TCP ports 20, 21, 23, and 25, *and* UDP 161.

Is this a variant I've not read about, or am I possibly cross-infected with Nimda *and* something else?

Any info gratefully received,

-g

--
Glenn Forbes Fleming Larratt
The Lab Ratt (not briggs :-)
glratt () io com
http://www.io.com/~glratt

There are imaginary bugs to chase in heaven.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com