Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: nimda tries to send mail after reboot

From: Brett Glass <brett () lariat org>
Date: Wed, 19 Sep 2001 11:13:30 -0600
Messages bearing the worm are starting to trickle in, slowly. It
may be that the worm is designed to start e-mailing only after the
infection is a certain number of hours old.

Sadly, the copies of the worm we're receiving are coming from
companies whose employees we'd expect to know better than to
leave machines unprotected -- such as V-One and SCO.

I agree that it will be a very long week. None of our machines
is susceptible to the worm, but our backbone feed is getting
hammered. I wish we had a firewall under our control at our
upstream provider.

--Brett Glass

At 11:08 AM 9/19/2001, jforster () rapidnet com wrote:


I got a few copies of this worm (via e-mail) this afternoon.
Sadly, someone else in the office did as well (or hit an infected site).
It's going to be a long week....




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: