Worm Watch
From: John Thornton (jthornton@HACKERSDIGEST.COM)Date: 09/19/01
- Previous message: Gerald Carter: "Re: Nimda and Samba shares"
- In reply to: Gerald Carter: "Re: Nimda and Samba shares"
- Next in thread: Edward York: "Nimda and SSL"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <00a801c140ef$73708580$7b29fea9@laptop> Date: Wed, 19 Sep 2001 02:42:45 -0700 From: John Thornton <jthornton@HACKERSDIGEST.COM> Subject: Worm Watch To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
I am releasing a tool that I have written that monitors port 80 loging
servers infected by Nimda. However the point of the tool is not just to log
infected servers but to look for variants. As we have seen in the past worms
being released in the wild then rereleased with new logic, Worm Watcher will
log changes made to http requests, number requested, the order they are
requested etc. This will spot a rereleased version of Nimda that we know
will be in the wild in a matter of time.
screen shot ( http://www.hackersdigest.com/wormwatch/wormwatch.jpg )
source code ( http://www.hackersdigest.com/wormwatch/wormwatch.zip )
executible( http://www.hackersdigest.com/wormwatch/wormwatch.exe )
H A C K E R ' S D I G E S T
--------------------------------------------------
A Magazine For People Like You
--------------------------------------------------
www.hackersdigest.com
John Thornton - jthornton@hackersdigest.com
Editor in Chief
Hackers Digest - www.hackersdigest.com
============================================================================
Delivery co-sponsored by Trend Micro, Inc.
============================================================================
TREND MICRO SCANMAIL FOR EXCHANGE 2000 -- SECOND to NONE
If you are worried about email viruses, you need Trend Micro ScanMail for
Exchange. ScanMail is the first antivirus solution that seamlessly
integrates with the Microsoft Exchange 2000 virus-scanning API 2.0. ScanMail
ensures 100% inbound and outbound email virus scanning and provides remote
software management. Download a FREE 30-day trial copy of ScanMail and find
out why it is the best:
http://www.antivirus.com/banners/tracking.asp?si=8&BI;=240&UL;=/smex2000
============================================================================
- Previous message: Gerald Carter: "Re: Nimda and Samba shares"
- In reply to: Gerald Carter: "Re: Nimda and Samba shares"
- Next in thread: Edward York: "Nimda and SSL"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
