Re: Why?

From: RainbowHat (nHiATlE@blSackholeP.mAit.edMu.invalid)
Date: 06/20/02

From: RainbowHat <nHiATlE@blSackholeP.mAit.edMu.invalid>
Date: Wed, 19 Jun 2002 23:54:55 +0000 (UTC)

< Darren
>"RainbowHat" <nHiATlE@blSackholeP.mAit.edMu.invalid> wrote in message

>> Here is a covert channel proof of concept over Nimda imitated packets.
>> Apache 1.3.24 has released at 22nd March so I decided to post today.

>i have spent a lot of time chasing nimda along with other viruses like it. I

Chasing and researching worms and viruses is a good things.

>have noticed that the writers have spent a huge amount of time and effort in
>creating and keeping nimda up to date. Nimda is a viral work of art. It is
>the product of lots of effort, lots of time, lots of team work. So i have
>some questions.
>Whats the point?
>whats in it for the writers?

Sorry for my poor English expressions. Maybe you are misunderstanding.
I'm not a Nimda code anther nor doing maintenance. I'm not saying about
new Nimda variant version to Windoze IIS users but suggesting about
Nimda _imitated_ (masqueraded, mimic) packets to Linux or other platform
Apache users. I'm saying about Nimda log looks covert channel backdoor.
Because most Apache user are ignoring Nimda looks logs.

Regards, RainbowHat. To spoof or not to spoof, that is the IPv4 packet.