Re: Code Red / Nimda Antidote?

From: Brad Arlt (arlt@cpsc.ucalgary.ca)
Date: 09/09/02


Date: Mon, 9 Sep 2002 13:20:27 -0600
From: Brad Arlt <arlt@cpsc.ucalgary.ca>
To: Clinton Smith <security@infosecwest.com>

On Mon, Sep 09, 2002 at 09:28:49AM +0800, Clinton Smith wrote:
> In the last three days - I have seen a Dramatic decrease in the number
> of code red and nimda events:
>
> ie from 20-30 per day down to <3

Actually I have seen the opposite, we used to get <3 a week, and I
have gotten atleast 5 in the last four hours. 30 - 50 over the
weekend.

> Has there been an anti-worm etc released?
>
> Is anyone else seeing this trend?

I am seeing the opposite trend, maybe I got yours :). But I thought
maybe there was another virus doing the rounds that used Nimda as a
payload or a "I will try to infect this machine with myself and
Nimda/Code Red".

I was figuring the latter because I am seeing a few successive
infection attempts, Klez, Yaha, and Nimda (or Code Red). Could be
coincidence, but I raised an eyebrow.
-----------------------------------------------------------------------
   __o Bradley Arlt Security Team Lead
 _ \<_ arlt@cpsc.ucalgary.ca University Of Calgary
(_)/(_) I should be biking right now. Computer Science

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com