Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Wave of Nimda-like hits this morning?

From: "Jay D. Dyson" <jdyson () treachery net>
Date: Tue, 26 Feb 2002 18:11:03 -0800 (PST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 26 Feb 2002, John Brahy wrote: 


Please keep in mind that came from a Solaris box, Apache log.
Whatever this (maybe) new bug is, it's blowing up these boxes left and
right...can't figure it out.  


Is anyone else having Solaris/Apache boxes blow up on them from this
variant? 


        I've got six Solaris boxen ranging from Solaris 2.4 all the way up
to (and including) Solaris 8, all running Apache 1.3.22 or 1.3.23.  All
have handled the past two days' Nimda scans without so much as a hiccup.

        The more I mull this over, the more I suspect PHP foul play.

- -Jay

  (    (                                                          _______
  ))   ))   .--"There's always time for a good cup of coffee"--.   >====<--.
C|~~|C|~~| (>------ Jay D. Dyson -- jdyson () treachery net ------<) |    = |-'
 `--' `--'  `The armed are citizens.  The unarmed are subjects.'  `------'

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SunOS)
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iEYEARECAAYFAjx8QDsACgkQGI2IHblM+8EkCwCeN1dfm0zHmOLi5WcezJL7Jr6O
Nn8AoJg0BPBU5KXDfKCpFQ+a2RkG7+kZ
=piJs
-----END PGP SIGNATURE-----


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: