Quoting http://slashdot.org/

_ A new worm seems to be running around. Unlike Code Red, it attempts to hit boxes with many different requests (including what looks like an attempt to exploit boxes still rooted by Code Red). It looks like each IP is hitting 16 times. I had 20 different boxes each hit me 16 times, and I'm not alone. There is also a new mail worm mailing WAV files or something with bits of what appears to be the registry... it may or may not be related. Got any words on this? Shut down those Windows boxes, folks. And stop opening executable attachments. Oh, make that 21. Got another one while writing this story. I'm calling it 208 for now because all my hits are coming from 208.n.n.n (where I am). I'm sure it'll keep moving. _

have fun :/

--
intraDAT AG http://www.intradat.com
Wilhelm-Leuschner-Strasse 7 Tel: +49 69-25629-0
D - 60329 Frankfurt am Main Fax: +49 69-25629-256
A new worm seems to be running around. Unlike Code Red, it attempts to hit boxes with many different requests (including what looks like an attempt to exploit boxes still rooted by Code Red). I
Yes, my own firewall logs do look a bit strange this afternoon. Thanks -- Richard
replying to myself:

On September 18th, 2001 a new worm has been spreading globally. Nimda is a mass mailing worm that spreads itself in attachments named "readme.exe". Further, the worm contains the ability to scan and spread via Internet Information Server (IIS). To do that, the worm uses either a backdoor created by Sadmind and CodeRed worms, or IIS Unicode vulnerability.

Source: f-secure.com

--
intraDAT AG http://www.intradat.com
Wilhelm-Leuschner-Strasse 7 Tel: +49 69-25629-0
D - 60329 Frankfurt am Main Fax: +49 69-25629-256
participants (2)
Richard Ibbotson
Sven Michels