Security Incidents mailing list archives

Re: nimda subject line


From: Eric Chien <ecchien () yahoo com>
Date: Fri, 21 Sep 2001 13:13:07 -0700 (PDT)

Hello,

W32.Nimda.A@mm uses random subject lines that are
generated from email message bodies, filenames, and
'random junk in memory'.  The 'random junk in memory'
appears to be a bug on the author's part.

...Eric


At 10:38 AM 9/20/2001 +0200, Thomas Roessler wrote:
On incidents.org, they write that Nimda e-mail can
easily be recognized by the long, ugly, repetitive
subject headers.

This is not correct: Late on Sep 18, I received a
Nimda-generated message with the subject line "Thank
you".  The payload was the same one you see
everywhere else, with the usual four-byte variation.

