Snort mailing list archives
Re: hmm...nimda RICHED20.DLL alarms
From: Roberto Suarez Soto <robe () alfa21 com>
Date: Tue, 22 Jan 2002 09:39:24 +0100
On Jan/22, fluid wrote:
i am getting some of these every day from work (seemingly when users are running Office applications). It is the same set of machines every day...always attacking the same destination server. scans of the server are picking up nothing with any antivirus package i find, and the same is true of the workstations.
I've seen these too. They seem to appear in inofensive and well-checked networks. I've seen a few nimda .nws and nimda .eml alerts too, from the same hosts that the RICHED20.DLL came; they all have been checked for virus, and none was found. So, if someone knows something about this, I'm pretty much interested too :-) -- Roberto Suarez Soto Alfa21 Outsourcing robe () alfa21 com http://www.alfa21.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- hmm...nimda RICHED20.DLL alarms fluid (Jan 21)
- Re: hmm...nimda RICHED20.DLL alarms Roberto Suarez Soto (Jan 22)
- Re: hmm...nimda RICHED20.DLL alarms Guillaume (Jan 22)
- Re: hmm...nimda RICHED20.DLL alarms Rich Adamson (Jan 22)
- <Possible follow-ups>
- Re: hmm...nimda RICHED20.DLL alarms Ryan Drogo (Jan 22)
- RE: Re: hmm...nimda RICHED20.DLL alarms Ronneil Camara (Jan 22)
- How to unsubscribe? Densin Roy. (Jan 24)
- Re: How to unsubscribe? Edwin Eefting (Jan 24)
- Re: How to unsubscribe? Densin Roy. (Jan 24)
- Re: How to unsubscribe? Matt Kettler (Jan 24)
- How to unsubscribe? Densin Roy. (Jan 24)
- Re: hmm...nimda RICHED20.DLL alarms Roberto Suarez Soto (Jan 22)