RE: Nimda Infections

[Jim Howard <Jim.Howard () abcv com>]

You are not alone.  Daily, I see about 300 attempts or more on our class C
spaces.  I have tried to mail as many as I could, and I have submitted logs
to the people that said they were going to contact everyone.  Still we see
it.  At this point, I am really wondering what it will take to erradicate it
from the net.  On a happier note, I have also been talking to ISPs, who have
said if infections don't get fixed, they will shut off network access to
those hosts/networks.  This, at least is a good sign, that there is
something that can be done yet.  We used to pay for bandwidth on our network
connection.  I feel for anyone that is still doing it that way in the light
of such virii.  I too, believe there is no such thing as a good virus, but
it would certainly be nice to have these uncared-for systems to just go
away.


-----Original Message-----
From: reilly () speakeasy net [mailto:reilly () speakeasy net]
Sent: Monday, November 12, 2001 5:28 PM
To: incidents () securityfocus com
Subject: Nimda Infections


It's amazing to me when I see the amount of systems still infected with
Nimda.  In today's logs I see a huge amount of systems in the ATT network
that are still banging away.  I can't even give you the amount of systems
that I'm seeing from China.  What is so difficult about patching your system
against the .hta, .htq vuln.  I don't mean to go off on a rant but am I the
only one that feels this way?  Is everyone else seeing the same activity?


[.. list deleted ..]

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com