Security Incidents mailing list archives

RE: Second wave of Nimda?

From: "Megyesi, Heather" <HEATHERM () BES CI PORTLAND OR US>
Date: Thu, 27 Sep 2001 13:17:03 -0700

I've seen the same thing....
in a couple of different places...
Cert is also showing an advisory
----------------------------------------------------------------------------
----

W32/Nimda
The CERT/CC continues to receive a steady stream of reports of W32/Nimda
although the volume of reports has dropped significantly since it first
appeared on September 18th. However, the W32/Nimda worm contains code that
will cause an infected host to send infected email messages every 10 days.
Hosts that were initially infected on Tuesday, September 18th and not
recovered could start sending another round of messages tomorrow, September
28th. 



-----Original Message-----
From: Tracey Losco [mailto:tal1 () acf3 nyu edu]
Sent: Thursday, September 27, 2001 12:26 PM
To: incidents () securityfocus com
Subject: Second wave of Nimda?


Has anyone heard of this and is there any merit in its possibility? 
In the code for the worm, there was a "get system time" call...I was 
wondering whether or not it was for computations or whether it was a 
timer....it this is true, it looks like it was a timer....

Researchers say Nimda set to propagate again

By Deborah Radcliff, Computerworld online
September 27, 2001 10:52 am PT



RESEARCHERS HAVE DISCOVERED a third vector to the Nimda worm, which is
set to propagate again through e-mail at 1 a.m. ET Friday.

The website is located:

http://www.infoworld.com/articles/hn/xml/01/09/27/010927hnnimbda.xml?0927ale
rt

--------------------------------------------------------------------
Tracey Losco
Network Security Analyst                security () nyu edu
ITS - Network Services                  http://www.nyu.edu/its/security
New York University                     (212) 998 - 3433

PGP Fingerprint: 8FFB FE47 6156 7BF0  B19E 462B 9DFE 51F5


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Second wave of Nimda? Tracey Losco (Sep 27)
- Re: Second wave of Nimda? John Oliver (Sep 27)
  - Re: Second wave of Nimda? Jensenne Roculan (Sep 27)
- <Possible follow-ups>
- RE: Second wave of Nimda? Megyesi, Heather (Sep 27)