Re: exploit or human

From: Ben Nelson (lists_at_venom600.org)
Date: 03/30/05

  • Next message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Vendor notification" 
    Date: Wed, 30 Mar 2005 10:14:24 -0700
To: Cristian Stanca <cristian.stanca@radcom.ro>, incidents@securityfocus.com

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Cristian Stanca wrote:
    > Could that be a worm, exploit or something, or looks like a human
    > intervention situation?!
    >
    >
    Are all of these servers in the same location? Another possibility is
    an environment change. We've seen hardware failures similar to this on
    multiple machines before and the cause was an increase in datacenter
    temperature. Just something else to consider.

    - --Ben
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.1 (GNU/Linux)

    iD8DBQFCSt5w3cL8qXKvzcwRAtpmAKC2PDZKymIrIS9Y7OTwNuvMLfvTuwCeMYCf
    Mfu0CiEkKS4E3uNdMnS6/YA=
    =T3fa
    -----END PGP SIGNATURE-----

  • Next message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Vendor notification"

    Relevant Pages

    • Nimda Worm Alert - What Ive done so far.
      ... Download/Install URL Scan for www servers. ... A new worm named W32/Nimda-A (known aliases are Nimda, Minda, Concept ... Microsoft IIS 4.0/5.0 File Permission Canonicalization Vulnerability ...
      (Focus-Microsoft)
    • Re: ** Sobig.F attack expected 3:00pm to 6:00pm EST today [Friday 22]
      ... computers that are currently infected with the Sobig.F worm ... > infected device possibly involving the "master servers," the others opened ... > This press release comes from F-Secure. ... > has been added to our lists without your consent, ...
      (microsoft.public.security)
    • Re: ** Sobig.F attack expected 3:00pm to 6:00pm EST today [Friday 22]
      ... computers that are currently infected with the Sobig.F worm ... > infected device possibly involving the "master servers," the others opened ... > This press release comes from F-Secure. ... > has been added to our lists without your consent, ...
      (microsoft.public.inetserver.iis.security)
    • Re: ** Sobig.F attack expected 3:00pm to 6:00pm EST today [Friday 22]
      ... computers that are currently infected with the Sobig.F worm ... > infected device possibly involving the "master servers," the others opened ... > This press release comes from F-Secure. ... > has been added to our lists without your consent, ...
      (microsoft.public.windowsxp.security_admin)
    • RE: New "concept" virus/worm?
      ... The W32.Nimda.A@mm worm infects IIS servers by exploiting the 'MS IIS/PWS ... opening the attachment will infect the machine. ... The virus comes at a time of heightened sensitivity to Internet attack. ...
      (Vuln-Dev)