Newest Nimda variant? Scanning ftp,telnet,smtp,snmp?
From: Glenn Forbes Fleming Larratt (glratt@io.com)
Date: 12/20/01
- Previous message: robh@forestknoll.com: "RE: *MAJOR SECURITY BREACH AT CCBILL**"
- Next in thread: H C: "Re: Newest Nimda variant? Scanning ftp,telnet,smtp,snmp?"
- Reply: H C: "Re: Newest Nimda variant? Scanning ftp,telnet,smtp,snmp?"
- Reply: Tony Langdon: "RE: Newest Nimda variant? Scanning ftp,telnet,smtp,snmp?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 19 Dec 2001 23:14:49 -0600 (CST)
From: Glenn Forbes Fleming Larratt <glratt@io.com>
To: <incidents@securityfocus.com>

Can someone point me to a recent and fairly complete Nimda analysis?
I have logs of an infected host that's not only doing the "GET .../c+dir"
thing and scanning for Windows shares, but also scanning for open TCP
ports 20, 21, 23, and 25, *and* UDP 161.
Is this a variant I've not read about, or am I possibly cross-infected
with Nimda *and* something else?
Any info gratefully received,
-g
--
Glenn Forbes Fleming Larratt
The Lab Ratt (not briggs :-)
glratt@io.com
http://www.io.com/~glratt
There are imaginary bugs to chase in heaven.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com