IIS cmd.exe and unicode

[Bastian Ballmann <ballmann () co-de de>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi community!! =)
Does anyone know if nimba is still very active? Or if another worm is using 
the IIS cmd.exe and unicode exploit to spread?
Cause last night Snort detected a very high amount of those attacks...
Thanx and greets

Bastian Ballmann
@ Computational Design
- -- 
- ---:[ Keep the right to crypt!
\214^D^C^C^BM8¨^N^U,£B`É4ºÄ^L^@ÐBìóÁÀ!O½1CÍ^\MÜy±
ôæ]%\203\224ú^AKÇ8Ó^_ñ-GN^E\202=^[Ì^GÖlªÇ^Z\236\201
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjvfr3gACgkQ/X/Mmob5zke94gCeMtxMvggoS0A4Gxfna46w15iE
clYAniDmqkBFc+xQKwl22HXaHyPeV1HJ
=Gx6c
-----END PGP SIGNATURE-----

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users