Re: Code Red / Nimda Antidote?

From: Brad Arlt (arlt@cpsc.ucalgary.ca)
Date: 09/09/02


Date: Mon, 9 Sep 2002 13:20:27 -0600
From: Brad Arlt <arlt@cpsc.ucalgary.ca>
To: Clinton Smith <security@infosecwest.com>

On Mon, Sep 09, 2002 at 09:28:49AM +0800, Clinton Smith wrote:
> In the last three days - I have seen a dramatic decrease in the number
> of code red and nimda events:
>
> ie from 20-30 per day down to <3

Actually I have seen the opposite, we used to get <3 a week, and I
have gotten at least 5 in the last four hours. 30 - 50 over the
weekend.

> Has there been an anti-worm etc released?
>
> Is anyone else seeing this trend?

I am seeing the opposite trend, maybe I got yours :). But I thought
maybe there was another virus doing the rounds that used Nimda as a
payload or an "I will try to infect this machine with myself and
Nimda/Code Red".

I was figuring the latter because I am seeing a few successive
infection attempts, Klez, Yaha, and Nimda (or Code Red). Could be
coincidence, but I raised an eyebrow.
-----------------------------------------------------------------------
   __o Bradley Arlt Security Team Lead
 _ \<_ arlt@cpsc.ucalgary.ca University Of Calgary
(_)/(_) I should be biking right now. Computer Science

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com


