Security Incidents mailing list archives

RE: Nimda Infections


From: "w1re p4ir" <w1rep4ir () disinfo net>
Date: 13 Nov 2001 15:49:58 -0000

When Nimda was first launched I could've sworn it _was_ getting rid of all these horribly infectious hosts. Working 
with a few clients, it appears that whenever it tftp outs it creates a TFTPXXXX (where the x's are incremental), around 
50k files... Now, with each machine making hundreds of connection attempts a minute, this fills up. Besides some machines 
having bigger hard drives than others, why aren't these too knocked off the internet? I remember watching the Code Red 
boxes I had logged (nearly 4000) just drop off the net one by one. It was quite amusing at first, but I'm still baffled 
as to why these other Nimda-infected machines aren't doing the same. Anyone know/care?
w1re

