Re: Nimda.E/unknown memory resident, internet-aware processes

["Johannes Ullrich" <jullrich () euclidian com>]

> Anyone seen this before?

typical 'botnet'. Not sure which code they are using, but this basic
setup is very common.

The fact that the machine got eventually infected with Nimda just
shows that it was vulnerable all along. Finding multiple backdoors
on machines like this is common. 

-- 
--------------------------------------------------------------------
jullrich () euclidian com             Collaborative Intrusion Detection
                                         join http://www.dshield.org

----------------------------------------------------------------------------

<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure";> http://www.securityfocus.com/stillsecure </A>