Security Incidents mailing list archives

Re: NIMDA - ceased ? -

From: "Jay D. Dyson" <jdyson () treachery net>
Date: Fri, 27 Dec 2002 09:57:48 -0800 (PST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 26 Dec 2002, Tomo wrote:

Is NIMDA (GET /scripts/..%252f../winnt/system32 ...something)  ceased? 
04:54, Dec. 23 UTC is the last access of them, around here.

Any comments ?


        We should be so lucky.  I'm still getting Nimda scans here.  Got
around a dozen attacks on the day after Xmas, too.

        Nimda isn't dead.  It's taking a nap.

- -Jay

   (    (                                                         _______
   ))   ))   .-"There's always time for a good cup of coffee."-.   >====<--.
 C|~~|C|~~| (>------ Jay D. Dyson - jdyson () treachery net ------<) |    = |-'
  `--' `--'  `How about a 10-day waiting period on YOUR rights?'  `------'

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (TreacherOS)
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iD8DBQE+DJShTqL/+mXtpucRAq3fAKDCveegwFKnltwNYRZlUps3G2zvsQCdEufD
gso4o5gSAtQR8fqvrOTbQQA=
=ujoH
-----END PGP SIGNATURE-----


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

NIMDA - ceased ? - Tomo (Dec 27)
- Re: NIMDA - ceased ? - Johannes Ullrich (Dec 27)
- Re: NIMDA - ceased ? - Jay D. Dyson (Dec 27)
- Re: NIMDA - ceased ? - Skip Carter (Dec 27)
- <Possible follow-ups>
- Re: NIMDA - ceased ? - Neil Dickey (Dec 27)
  - Re: NIMDA - ceased ? - James C. Slora Jr. (Dec 27)
- Re: NIMDA - ceased ? - Roger Thompson (Dec 30)