Re: Nimda.E/unknown memory resident, internet-aware processes

From: Johannes Ullrich (jullrich@euclidian.com)
Date: 03/20/03

    Date: Thu, 20 Mar 2003 11:03:05 -0500
    From: "Johannes Ullrich" <jullrich@euclidian.com>
    To: "Matt Hornsby" <mr.hornsby@attbi.com>
    
    

    > Anyone seen this before?

    Typical 'botnet'. Not sure which code they are using, but this basic
    setup is very common.

    The fact that the machine eventually got infected with Nimda just
    shows that it was vulnerable all along. Finding multiple backdoors
    on machines like this is common.

    -- 
    --------------------------------------------------------------------
    jullrich@euclidian.com             Collaborative Intrusion Detection
                                             join http://www.dshield.org
    
