Security Incidents mailing list archives
RE: Second wave of Nimda?
From: "Megyesi, Heather" <HEATHERM () BES CI PORTLAND OR US>
Date: Thu, 27 Sep 2001 13:17:03 -0700
I've seen the same thing.... in a couple of different places... Cert is also showing an advisory ---------------------------------------------------------------------------- ---- W32/Nimda The CERT/CC continues to receive a steady stream of reports of W32/Nimda although the volume of reports has dropped significantly since it first appeared on September 18th. However, the W32/Nimda worm contains code that will cause an infected host to send infected email messages every 10 days. Hosts that were initially infected on Tuesday, September 18th and not recovered could start sending another round of messages tomorrow, September 28th. -----Original Message----- From: Tracey Losco [mailto:tal1 () acf3 nyu edu] Sent: Thursday, September 27, 2001 12:26 PM To: incidents () securityfocus com Subject: Second wave of Nimda? Has anyone heard of this and is there any merit in its possibility? In the code for the worm, there was a "get system time" call...I was wondering whether or not it was for computations or whether it was a timer....it this is true, it looks like it was a timer.... Researchers say Nimda set to propagate again By Deborah Radcliff, Computerworld online September 27, 2001 10:52 am PT RESEARCHERS HAVE DISCOVERED a third vector to the Nimda worm, which is set to propagate again through e-mail at 1 a.m. ET Friday. The website is located: http://www.infoworld.com/articles/hn/xml/01/09/27/010927hnnimbda.xml?0927ale rt -------------------------------------------------------------------- Tracey Losco Network Security Analyst security () nyu edu ITS - Network Services http://www.nyu.edu/its/security New York University (212) 998 - 3433 PGP Fingerprint: 8FFB FE47 6156 7BF0 B19E 462B 9DFE 51F5 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Second wave of Nimda? Tracey Losco (Sep 27)
- Re: Second wave of Nimda? John Oliver (Sep 27)
- Re: Second wave of Nimda? Jensenne Roculan (Sep 27)
- <Possible follow-ups>
- RE: Second wave of Nimda? Megyesi, Heather (Sep 27)
- Re: Second wave of Nimda? John Oliver (Sep 27)