Security Incidents mailing list archives
Worm Watch
From: "John Thornton" <jthornton () hackersdigest com>
Date: Wed, 19 Sep 2001 09:44:55 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I am releasing a tool that I have written that monitors port 80 loging servers infected by Nimda. However the point of the tool is not just to log infected servers but to look for variants. As we have seen in the past worms being released in the wild then rereleased with new logic, Worm Watcher will log changes made to http requests, number requested, the order they are requested etc. This will spot a rereleased version of Nimda that we know will be in the wild in a matter of time. screen shot ( http://www.hackersdigest.com/wormwatch/wormwatch.jpg ) source code ( http://www.hackersdigest.com/wormwatch/wormwatch.zip ) H A C K E R ' S D I G E S T - -------------------------------------------------- A Magazine For People Like You - -------------------------------------------------- www.hackersdigest.com -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBO6ihVhvYMaRdXcazEQJRxQCfWdkZYQaYbPUX+6K9kOHwuxFI0pAAniF1 p7ab1HcYl/3UC0Ot21xQxMYP =t0RK -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Worm Watch John Thornton (Sep 19)