Re: Why?

From: Darren (darrenlsANTISPAM82@ntlworld.com)
Date: 06/21/02


From: "Darren" <darrenlsANTISPAM82@ntlworld.com>
Date: Fri, 21 Jun 2002 18:04:20 +0100


"RainbowHat" <nHiATlE@blSackholeP.mAit.edMu.invalid> wrote in message
news:2SGXML37EV6W1113X20OKCXMnHiATlE@blackhole.mit.edu...
> < Darren
> >"RainbowHat" <nHiATlE@blSackholeP.mAit.edMu.invalid> wrote in message
> >news:X8XXMKZLH89W1114EK7LGRUPnHiATlE@blackhole.mit.edu...
>
> >> Here is a covert channel proof of concept over Nimda imitated packets.
> >> Apache 1.3.24 has released at 22nd March so I decided to post today.
>
> >i have spent a lot of time chasing nimda along with other viruses like
it. I
>
> Chasing and researching worms and viruses is a good things.
>
> >have noticed that the writers have spent a huge amount of time and effort
in
> >creating and keeping nimda up to date. Nimda is a viral work of art. It
is
> >the product of lots of effort, lots of time, lots of team work. So i have
> >some questions.
> >
> >Why?
> >Whats the point?
> >whats in it for the writers?
>
> Sorry for my poor English expressions. Maybe you are misunderstanding.
> I'm not a Nimda code anther nor doing maintenance. I'm not saying about
> new Nimda variant version to Windoze IIS users but suggesting about
> Nimda _imitated_ (masqueraded, mimic) packets to Linux or other platform
> Apache users. I'm saying about Nimda log looks covert channel backdoor.
> Because most Apache user are ignoring Nimda looks logs.

I wasn't of the impression that you were a nimda coder my friend. I was only
asking why people put so much effort into its maintenance
>
> --
> Regards, RainbowHat. To spoof or not to spoof, that is the IPv4 packet.
> ----+----1----+----2----+----3----+----4----+----5----+----6----+----7
>



Relevant Pages

  • Re: Why?
    ... >> Apache 1.3.24 has released at 22nd March so I decided to post today. ... >i have spent a lot of time chasing nimda along with other viruses like it. ...
    (comp.os.linux.security)
  • Re: Why?
    ... >> Apache 1.3.24 has released at 22nd March so I decided to post today. ... >i have spent a lot of time chasing nimda along with other viruses like it. ...
    (comp.os.linux.security)
  • Re: Apache access log
    ... >noticing the following errors in the access log. ... My snipped logs looks like Nimda and Code Red not ... ~9 packets per 2 seconds. ...
    (comp.os.linux.security)
  • Re: Apache access log
    ... >noticing the following errors in the access log. ... My snipped logs looks like Nimda and Code Red not ... ~9 packets per 2 seconds. ...
    (comp.os.linux.security)
  • Re: Why?
    ... >>> Here is a covert channel proof of concept over Nimda imitated packets. ... >>i have spent a lot of time chasing nimda along with other viruses like ... >>have noticed that the writers have spent a huge amount of time and effort ...
    (comp.os.linux.security)