Security Incidents mailing list archives
Re: Nimda.E/unknown memory resident, internet-aware processes
From: "Johannes Ullrich" <jullrich () euclidian com>
Date: Thu, 20 Mar 2003 11:03:05 -0500
Anyone seen this before?
typical 'botnet'. Not sure which code they are using, but this basic setup is very common. The fact that the machine got eventually infected with Nimda just shows that it was vulnerable all along. Finding multiple backdoors on machines like this is common. -- -------------------------------------------------------------------- jullrich () euclidian com Collaborative Intrusion Detection join http://www.dshield.org ---------------------------------------------------------------------------- <Pre>Lose another weekend managing your IDS? Take back your personal time. 15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
Current thread:
- Nimda.E/unknown memory resident, internet-aware processes Matt Hornsby (Mar 20)
- Re: Nimda.E/unknown memory resident, internet-aware processes Johannes Ullrich (Mar 20)