Hosting Provided By

Re: Nimda.E/unknown memory resident, internet-aware processes

From: Johannes Ullrich <jullrich(at)euclidian.com>
Date: Thu Mar 20 2003 - 11:03:05 EST

typical 'botnet'. Not sure which code they are using, but this basic setup is very common.

The fact that the machine got eventually infected with Nimda just shows that it was vulnerable all along. Finding multiple backdoors on machines like this is common.

-- 
--------------------------------------------------------------------
jullrich@euclidian.com             Collaborative Intrusion Detection
                                         join 
http://www.dshield.org

----------------------------------------------------------------------------

Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.
http://www.securityfocus.com/stillsecure"> 
http://www.securityfocus.com/stillsecure

Received on Thu Mar 20 12:24:38 2003

This message: [ Message body ]
Next message: Pierre Vandevenne: ""webmoney" trojan and COM interface analysis"
In reply to Matt Hornsby: "Nimda.E/unknown memory resident, internet-aware processes"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:00 EDT