Mailinglist Archive: opensuse-security (556 mails)

Re: [suse-security] WEB IIS cmd exe requests
  • From: Boris Lorenz <bolo@xxxxxxx>
  • Date: Wed, 19 Sep 2001 12:09:27 +0200 (CEST)
  • Message-id: <XFMail.010919120927.bolo@xxxxxxx>
Yup,

On 18-Sep-01 jfweber@xxxxxxxxxxx wrote:
> ** Reply to message from Boris Lorenz <bolo@xxxxxxx> on Tue, 18 Sep 2001
> 18:23:09 +0200 (CEST)
>
> guys, is the same code red derivative that is being reported on telly?
> called nimda ? ( note this is admin , reversed <sigh> ) These things
> seem to be escalating. Do we know anything about the objective of this
> little gem? ( note sarcasm ship is ON )

AFAIK, nimda is a Code Red-style worm which spreads via email. It usually hides
inside an attachment called readme.exe and starts to browse the networking
neighbourhood once it has been activated, for example by
double-clicking/previewing the attachment. It then scans for any vulnerable IIS
servers and attacks them using the Unicode Web Traversal exploit. However,
according to my records, nimda is not Code Red II but a deliberate
transmutation of the Code Red design. There is some info about nimda at
http://www.sarc.com/avcenter/venc/data/w32.nimda.a@xxxxxxx .

> Also note some haxor group apparently took down the Afghan Palace's
> website today .. so I would suspect the entire Web community will also
> come under increasing attacks ( there IS always a sort of tit for tat
> aspect in these web *wars*, or so it seems <sigh> )

Yep, I too think we're about to have a really wonderful time!

> afterthought: Very funny, Scotty. Now beam down my clothes.

:) LOL

Boris Lorenz <bolo@xxxxxxx>
---
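
An added example, not part of the original message: one way to pick the cmd.exe requests this thread is about out of a web server access log, including ones where the directory traversal is hidden by double percent-encoding or overlong UTF-8. The log lines are constructed samples, and the Apache common log format and the `cmd.exe`/`root.exe` watch list are assumptions.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample in Apache common log format; addresses are documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [18/Sep/2001:18:01:02 +0200] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210
192.0.2.10 - - [18/Sep/2001:18:01:03 +0200] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 230
192.0.2.10 - - [18/Sep/2001:18:01:04 +0200] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 230
198.51.100.7 - - [18/Sep/2001:18:02:00 +0200] "GET /index.html HTTP/1.0" 200 1043
198.51.100.7 - - [18/Sep/2001:18:02:05 +0200] "GET /docs/cmd.exe-faq.html HTTP/1.0" 200 512
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|HEAD|POST) (\S+)')
OVERLONG = re.compile(rb"([\xc0\xc1])([\x80-\xbf])")  # overlong 2-byte UTF-8 for ASCII
TARGETS = {"cmd.exe", "root.exe"}  # assumed watch list of requested file names


def normalise(raw_path):
    """Percent-decode until stable and fold overlong UTF-8 back to ASCII."""
    data = raw_path.encode("latin-1")
    while True:
        decoded = unquote_to_bytes(data)
        decoded = OVERLONG.sub(
            lambda m: bytes([((m[1][0] & 0x1F) << 6) | (m[2][0] & 0x3F)]), decoded)
        if decoded == data:
            break
        data = decoded
    return data.decode("latin-1").replace("\\", "/").lower()


def suspicious_requests(log_text):
    """Return (client, raw_request, traversal_seen) for each probe-like request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, raw = m.groups()
        # Only the path part is inspected; the query string is ignored.
        segments = normalise(raw.split("?", 1)[0]).split("/")
        if segments[-1] in TARGETS:
            hits.append((client, raw, ".." in segments))
    return hits


if __name__ == "__main__":
    for client, raw, traversal in suspicious_requests(SAMPLE_LOG):
        print(client, "traversal" if traversal else "direct", raw)
```

Matching on the normalised path rather than the raw request line is what keeps the benign `/docs/cmd.exe-faq.html` hit out of the results while still catching both encoded variants.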
