Snort mailing list archives
RE: IIS cmd.exe and unicode
From: "Madden, Daniel" <Daniel.Madden () compaq com>
Date: Wed, 31 Oct 2001 11:07:28 +0100
A little more reading... http://www.symantec.com/avcenter/venc/data/w32.nimda.e () mm html The major differences in this are, along with the filenames to filter are: * The attachment received has been changed to: Sample.exe * The dropped .dll file is now: Httpodbc.dll/cool.dll * The worm now copies itself to the \Windows\System folder as Csrss.exe instead of Mmc.exe Dan -----Original Message----- From: Bastian Ballmann [mailto:ballmann () co-de de] Sent: Wednesday, October 31, 2001 9:00 AM To: Snort-users () lists sourceforge net Subject: [Snort-users] IIS cmd.exe and unicode -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi community!! =) Does anyone know if nimba is still very active? Or if another worm is using the IIS cmd.exe and unicode exploit to spread? Cause last night Snort detected a very high amount of those attacks... Thanx and greets Bastian Ballmann @ Computational Design - -- - ---:[ Keep the right to crypt! \214^D^C^C^BM8¨^N^U,£B`É4ºÄ^L^@ÐBìóÁÀ!O½1CÍ^\MÜy± ôæ]%\203\224ú^AKÇ8Ó^_ñ-GN^E\202=^[Ì^GÖlªÇ^Z\236\201 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjvfr3gACgkQ/X/Mmob5zke94gCeMtxMvggoS0A4Gxfna46w15iE clYAniDmqkBFc+xQKwl22HXaHyPeV1HJ =Gx6c -----END PGP SIGNATURE----- _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=ort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- IIS cmd.exe and unicode Bastian Ballmann (Oct 31)
- <Possible follow-ups>
- RE: IIS cmd.exe and unicode Madden, Daniel (Oct 31)
- RE: IIS cmd.exe and unicode Madden, Daniel (Oct 31)