nimda tries to send mail after reboot

From: John Q. Public (tpublic@dimensional.com)
Date: 09/18/01

Previous message: Gary Warner: "Concept Virus / Nimda"
Next in thread: John Q. Public: "Re: nimda tries to send mail after reboot"
Reply: John Q. Public: "Re: nimda tries to send mail after reboot"
Reply: John Q. Public: "Re: nimda tries to send mail after reboot"
Reply: Brett Glass: "Re: nimda tries to send mail after reboot"
Reply: Brett Glass: "Re: nimda tries to send mail after reboot"
Reply: Andrew Mulholland: "RE: nimda tries to send mail after reboot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 18 Sep 2001 12:41:21 -0600 (MDT)
From: "John Q. Public" <tpublic@dimensional.com>
To: incidents@securityfocus.com, bugtraq@securityfocus.com
Subject: nimda tries to send mail after reboot
Message-ID: <Pine.SUN.4.10.10109181239090.5690-100000@flatland.dimensional.com>

always to the same IP: 202.106.185.107

sorry if it's been posted, but I haven't seen anything about that particular
IP yet.

the address appears unreachable (was hoping for an answer to identify itself)

.nhoJ

from APNIC:

inetnum: 202.106.0.0 - 202.106.255.255
netname: CHINANET-BJ
descr: CHINANET Beijing province network
descr: Data Communication Division
descr: China Telecom
country: CN
admin-c: CH93-AP
tech-c: SY21-AP
mnt-by: MAINT-CHINANET
mnt-lower: MAINT-CHINANET-BJ
changed: hostmaster@ns.chinanet.cn.net 20000101
source: APNIC

person: Chinanet Hostmaster
address: A12,Xin-Jie-Kou-Wai Street
country: CN
phone: +86-10-62370437
fax-no: +86-10-62053995
e-mail: hostmaster@ns.chinanet.cn.net
nic-hdl: CH93-AP
mnt-by: MAINT-CHINANET
changed: hostmaster@ns.chinanet.cn.net 20000101
source: APNIC

person: sun ying
address: Beijing Telecommunication Administration
address: TaiPingHu DongLi 18, Xicheng District
address: Beijing 100031
country: CN
phone: +86-10-66198941
fax-no: +86-10-68511003
e-mail: suny@publicf.bta.net.cn
nic-hdl: SY21-AP
mnt-by: MAINT-CHINANET-BJ
changed: suny@publicf.bta.net.cn 19980824
source: APNIC

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

Previous message: Gary Warner: "Concept Virus / Nimda"
Next in thread: John Q. Public: "Re: nimda tries to send mail after reboot"
Reply: John Q. Public: "Re: nimda tries to send mail after reboot"
Reply: John Q. Public: "Re: nimda tries to send mail after reboot"
Reply: Brett Glass: "Re: nimda tries to send mail after reboot"
Reply: Brett Glass: "Re: nimda tries to send mail after reboot"
Reply: Andrew Mulholland: "RE: nimda tries to send mail after reboot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: What Is This?
... country: CN ... mnt-by: MAINT-CHINANET ... tech-c: JN113-AP ...
(comp.security.firewalls)
Re: Mail server under attack
... > It seems that my e-mail server is under attack. ... country: CN ... mnt-by: MAINT-CHINANET ...
(comp.os.linux.security)
Mikes desktop
... country: CN ... mnt-by: MAINT-CHINANET ... nic-hdl: LZ33-AP ...
(microsoft.public.security)
Re: Backdoor-CGT
... country: CN ... mnt-by: MAINT-CHINANET ... nic-hdl: WM12-AP ...
(Incidents)
Re: nimda tries to send mail after reboot
... nimda tries to send mail after reboot ... we cannot get it to send mail to a dummy host we have built. ... |mnt-by: MAINT-CHINANET ...
(Incidents)