Security Incidents mailing list archives
RE: Nimda Infections
From: "Reilly" <reilly () speakeasy org>
Date: Mon, 12 Nov 2001 20:31:16 -0800
oops... sorry. I meant UNICODE directory traversal... wrong rant. Thanks for the nudge in the right direction HC. -----Original Message----- From: H C [mailto:keydet89 () yahoo com] Sent: Monday, November 12, 2001 4:41 PM To: reilly () speakeasy net Subject: Re: Nimda Infections Reilly, I'm not sure I understand what you're talking about. You mention Nimda, and then you mention the .hta/.htq vulnerability. I'm not clear on what one has to do with the other. Nimda doesn't take advantage of that particular vulnerability to IIS web servers. Thanks, Carv --- reilly () speakeasy net wrote:
It's amazing to me when I see the amount of systems still infected with Nimda. In today's logs I see a huge amount of systems in the ATT network that are still banging away. I can't even give you the amount of systems that I'm seeing from China. What is so difficult about patching your system against the .hta, .htq vuln. I don't mean to go off on a rant but am I the only one that feels this way? Is everyone else seeing the same activity? AT&T 12.101.62.4 12.102.47.51 12.103.156.10 12.103.159.94 12.64.128.3 12.64.134.199 12.72.139.96 12.73.5.135 12.74.161.194 12.75.41.165 12.77.146.214 12.77.148.241 12.77.151.250 12.78.144.115 12.81.109.130 12.81.120.25 12.81.163.216 12.81.2.240 12.83.81.182 12.83.83.74 12.84.96.198 12.87.145.155 12.88.161.248 12.88.173.180 12.89.165.130 12.91.118.157 12.98.144.18 12.99.178.250 12.99.179.10 12.99.28.7 12.99.94.158
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
__________________________________________________ Do You Yahoo!? Find a job, post your resume. http://careers.yahoo.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Nimda Infections reilly (Nov 12)
- <Possible follow-ups>
- RE: Nimda Infections Dial Joe (Nov 13)
- RE: Nimda Infections Jim Harrison (SPG) (Nov 13)
- RE: Nimda Infections Reilly (Nov 13)
- RE: Nimda Infections Ryan Russell (Nov 13)
- RE: Nimda Infections Reilly (Nov 13)
- RE: Nimda Infections Reilly (Nov 13)
- RE: Nimda Infections Reilly (Nov 13)
- RE: Nimda Infections Jim Howard (Nov 13)
- RE: Nimda Infections w1re p4ir (Nov 13)
- RE: Nimda Infections Neil Dickey (Nov 13)
- Nimda Infections and code red resurgence Russell Fulton (Nov 13)