Re: Why?

From: RainbowHat (nHiATlE@blSackholeP.mAit.edMu.invalid)
Date: 06/20/02


From: RainbowHat <nHiATlE@blSackholeP.mAit.edMu.invalid>
Date: Wed, 19 Jun 2002 23:54:55 +0000 (UTC)


< Darren
>"RainbowHat" <nHiATlE@blSackholeP.mAit.edMu.invalid> wrote in message
>news:X8XXMKZLH89W1114EK7LGRUPnHiATlE@blackhole.mit.edu...

>> Here is a covert channel proof of concept over Nimda imitated packets.
>> Apache 1.3.24 was released on 22nd March so I decided to post today.

>I have spent a lot of time chasing nimda along with other viruses like it. I

Chasing and researching worms and viruses is a good thing.

>have noticed that the writers have spent a huge amount of time and effort in
>creating and keeping nimda up to date. Nimda is a viral work of art. It is
>the product of lots of effort, lots of time, lots of team work. So I have
>some questions.
>
>Why?
>What's the point?
>What's in it for the writers?

Sorry for my poor English. Maybe you are misunderstanding.
I'm not a Nimda code author, nor am I doing maintenance on it. I'm not
talking about a new Nimda variant for Windoze IIS users, but about
Nimda _imitated_ (masqueraded, mimicked) packets sent to Apache users on
Linux or other platforms. I'm talking about a covert channel backdoor that
looks like Nimda in the logs, because most Apache users are ignoring
Nimda-looking log entries.

-- 
Regards, RainbowHat. To spoof or not to spoof, that is the IPv4 packet.
----+----1----+----2----+----3----+----4----+----5----+----6----+----7


