Security Incidents mailing list archives

New Nimda?


From: "Bradley, Tony" <tony.bradley () eds com>
Date: Thu, 7 Mar 2002 14:47:38 -0500

The ideas and opinions expressed in this email do not in any way reflect or
represent the opinions of my employer...

Has anyone been seeing any new variation of Nimda? From my research Nimda
was alleged to be able to spoof the "from" address in its mass-mailing
propagation, but I was under the impression that piece was not functional.

Twice in the last week I have seen blank messages with the Sample.exe file
attachment that are picked up by all major anti-virus software as Nimda, but
the from address was spoofed. The systems that were alleged to have
propagated the virus checked out clean and did not send any email during the
timeframe that the recipients got the infected messages.

It seems as if someone has fixed that spoofing functionality but I can't
find any evidence of an officially recognized new variant. Has anyone else
seen something similar or have any more information on Nimda spoofing the
email address?


Tony Bradley, MCSE, MCSA, MCP, A+
Threat & Vulnerability Monitor
Electronic Data Systems

"The price of success is hard work, dedication to the job at hand, and the
determination that whether we win or lose, we have applied the best of
ourselves to the task at hand."  ~ Vince Lombardi ~

  

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

