Security Incidents mailing list archives

Newest Nimda variant? Scanning ftp,telnet,smtp,snmp?


From: Glenn Forbes Fleming Larratt <glratt () io com>
Date: Wed, 19 Dec 2001 23:14:49 -0600 (CST)

Can someone point me to a recent and fairly complete Nimda analysis?
I have logs of an infected host that's not only doing the "GET .../c+dir"
thing and scanning for Windows shares, but also scanning for open TCP
ports 20, 21, 23, and 25, *and* UDP 161.

Is this a variant I've not read about, or am I possibly cross-infected
with Nimda *and* something else?

Any info gratefully received,
        -g

-- 
Glenn Forbes Fleming Larratt         The Lab Ratt (not briggs :-)
glratt () io com                        http://www.io.com/~glratt
There are imaginary bugs to chase in heaven.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

