Re: Why?

From: Darren (
Date: 06/21/02

From: "Darren" <>
Date: Fri, 21 Jun 2002 18:04:20 +0100

"RainbowHat" <nHiATlE@blSackholeP.mAit.edMu.invalid> wrote in message
> < Darren
> >"RainbowHat" <nHiATlE@blSackholeP.mAit.edMu.invalid> wrote in message
> >
> >> Here is a covert channel proof of concept over Nimda imitated packets.
> >> Apache 1.3.24 has released at 22nd March so I decided to post today.
> >i have spent a lot of time chasing nimda along with other viruses like
it. I
> Chasing and researching worms and viruses is a good things.
> >have noticed that the writers have spent a huge amount of time and effort
> >creating and keeping nimda up to date. Nimda is a viral work of art. It
> >the product of lots of effort, lots of time, lots of team work. So i have
> >some questions.
> >
> >Why?
> >Whats the point?
> >whats in it for the writers?
> Sorry for my poor English expressions. Maybe you are misunderstanding.
> I'm not a Nimda code anther nor doing maintenance. I'm not saying about
> new Nimda variant version to Windoze IIS users but suggesting about
> Nimda _imitated_ (masqueraded, mimic) packets to Linux or other platform
> Apache users. I'm saying about Nimda log looks covert channel backdoor.
> Because most Apache user are ignoring Nimda looks logs.

I wasn't of the impression that you were a nimda coder my friend. I was only
asking why people put so much effort into its maintenance
> --
> Regards, RainbowHat. To spoof or not to spoof, that is the IPv4 packet.
> ----+----1----+----2----+----3----+----4----+----5----+----6----+----7