Security Incidents mailing list archives

RE: New Nimda?


From: "Steve" <steve () securesolutions org>
Date: Thu, 7 Mar 2002 19:45:15 -0700

Hi Tony.

I don't think it is a new variant, as I had always seen the spoofed Mail
From: field in any Nimda mailing I have seen.  I have also seen another
wave of default.ida attempts recently -- just in time to test the new
IDS.

Steve Manzuik
Secure Solutions
www.securesolutions.org

-----Original Message-----
From: Bradley, Tony [mailto:tony.bradley () eds com] 
Sent: Thursday, March 07, 2002 12:48 PM
To: 'incidents () securityfocus com'
Subject: New Nimda?


The ideas and opinions expressed in this email do not in any 
way reflect or represent the opinions of my employer...

Has anyone been seeing any new variation of Nimda? From my 
research Nimda was alleged to be able to spoof the "from" 
address in its mass-mailing propagation, but I was under the 
impression that piece was not functional.

Twice in the last week I have seen blank messages with the 
Sample.exe file attachment that are picked up by all major 
anti-virus software as Nimda, but the from address was 
spoofed. The systems that were alleged to have propagated the 
virus checked out clean and did not send any email during the 
timeframe that the recipients got the infected messages.

It seems as if someone has fixed that spoofing functionality 
but I can't find any evidence of an officially recognized new 
variant. Has anyone else seen something similar or have any 
more information on Nimda spoofing the email address?


Tony Bradley, MCSE, MCSA, MCP, A+
Threat & Vulnerability Monitor
Electronic Data Systems

"The price of success is hard work, dedication to the job at 
hand, and the determination that whether we win or lose, we 
have applied the best of ourselves to the task at hand."  ~ 
Vince Lombardi ~

  

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com


