Worm Watch

["John Thornton" <jthornton () hackersdigest com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am releasing a tool that I have written that monitors port 80
loging servers infected by Nimda. However the point of the tool is
not just to log infected servers but to look for variants. As we have
seen in the past worms being released in the wild then rereleased
with new logic, Worm Watcher will log changes made to http requests,
number requested, the order they are requested etc. This will spot a
rereleased version of Nimda that we know will be in the wild in a
matter of time.

screen shot ( http://www.hackersdigest.com/wormwatch/wormwatch.jpg )
source code ( http://www.hackersdigest.com/wormwatch/wormwatch.zip )


H A C K E R ' S D I G E S T
- --------------------------------------------------
A Magazine For People Like You
- --------------------------------------------------

www.hackersdigest.com


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBO6ihVhvYMaRdXcazEQJRxQCfWdkZYQaYbPUX+6K9kOHwuxFI0pAAniF1
p7ab1HcYl/3UC0Ot21xQxMYP
=t0RK
-----END PGP SIGNATURE-----



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com