Yup, On 18-Sep-01 jfweber@eternal.net wrote:
** Reply to message from Boris Lorenz on Tue, 18 Sep 2001 18:23:09 +0200 (CEST)

guys, is this the same code red derivative that is being reported on telly? called nimda? (note this is admin, reversed <sigh>) These things seem to be escalating. Do we know anything about the objective of this little gem? (note sarcasm ship is ON)
AFAIK, nimda is a Code Red-style worm which spreads via email. It usually hides inside an attachment called readme.exe and starts to browse the networking neighbourhood once it has been activated, for example by double-clicking/previewing the attachment. It then scans for any vulnerable IIS servers and attacks them using the Unicode Web Traversal exploit. However, according to my records, nimda is not Code Red II but a deliberate transmutation of the Code Red design. There is some info about nimda on http://www.sarc.com/avcenter/venc/data/w32.nimda.a@mm.html .
Also note some haxor group apparently took down the Afghan Palace's website today .. so I would suspect the entire Web community will also come under increasing attacks (there IS always a sort of tit for tat aspect in these web *wars*, or so it seems <sigh>)
Yep, I too think we're about to have a really wonderful time!
afterthought: Very funny, Scotty. Now beam down my clothes.
:) LOL
Boris Lorenz
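
Added example, not part of the original message: a defender-side check for the Unicode traversal probes mentioned above. It flags request URIs whose percent-decoded bytes contain an overlong UTF-8 encoding of a path character. The log line layout, the function names and the sample lines are assumptions constructed for illustration.

```python
from urllib.parse import unquote_to_bytes

# Path characters that a traversal needs and that an overlong encoding can
# hide from a filter that runs before the server's Unicode decoding.
SENSITIVE = "/\\."

def overlong_hits(raw: bytes):
    """Return (hex bytes, decoded char) for each overlong UTF-8 sequence."""
    hits, i = [], 0
    while i < len(raw):
        b = raw[i]
        # 2-byte form: lead bytes 0xC0/0xC1 can only encode code points < 0x80.
        if b in (0xC0, 0xC1) and i + 1 < len(raw) and raw[i + 1] & 0xC0 == 0x80:
            cp = ((b & 0x1F) << 6) | (raw[i + 1] & 0x3F)
            hits.append((raw[i:i + 2].hex(), chr(cp)))
            i += 2
        # 3-byte form: lead 0xE0 with a second byte below 0xA0 encodes < 0x800.
        elif (b == 0xE0 and i + 2 < len(raw)
              and 0x80 <= raw[i + 1] < 0xA0 and raw[i + 2] & 0xC0 == 0x80):
            cp = ((raw[i + 1] & 0x3F) << 6) | (raw[i + 2] & 0x3F)
            hits.append((raw[i:i + 3].hex(), chr(cp)))
            i += 3
        else:
            i += 1
    return hits

def scan(lines):
    """Return (client, uri, hidden chars) for requests hiding path characters."""
    alerts = []
    for line in lines:
        # Assumed layout: client, method, URI, status (whitespace separated).
        client, _method, uri, _status = line.split()
        hidden = [c for _, c in overlong_hits(unquote_to_bytes(uri)) if c in SENSITIVE]
        if hidden:
            alerts.append((client, uri, "".join(hidden)))
    return alerts

# Constructed sample log lines; addresses are from the documentation range.
SAMPLE = [
    "192.0.2.10 GET /index.html 200",
    "192.0.2.77 GET /dir/..%c0%af../file.txt 404",
    "192.0.2.77 GET /dir/..%c1%9c../file.txt 404",
    "192.0.2.77 GET /dir/..%e0%80%af../file.txt 404",
    "192.0.2.15 GET /caf%c3%a9/menu.html 200",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```

Legitimate multi-byte UTF-8, such as the `%c3%a9` in the last sample line, is not flagged, because only lead bytes that can never appear in well-formed UTF-8 are matched.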