[Snort-sigs] Nimda virus - urgent
g.coochey at ...138...
Thu Feb 7 00:34:03 EST 2002
We use McAfee Netshield, and it generates this event when users update their
If you have Nimda then you're likely to see lots of NETBIOS nimda.eml,
NETBIOS nimda.nws, WEB IIS cme.exe + directory traversal + Code Red v2
If you're not seeing any of those other mentioned then it's unlikely that
you have a Nimda Outbreak in your network.
From: snort-sigs-admin at lists.sourceforge.net
[mailto:snort-sigs-admin at lists.sourceforge.net]On Behalf Of koyo wong
Sent: 07 February 2002 02:06
To: Snort-sigs at lists.sourceforge.net
Subject: [Snort-sigs] Nimda virus - urgent
Recently my network has been continously emergin alerts for this rule:
alert tcp any any -> any 139 (msg:"NETBIOS nimda RICHED20.DLL";
reference:url,www.datafellows.com/v-descs/nimda.shtml; sid:1295; rev:2;)
Would anyone know if this really implies the Nimda virus traffic, thx.
Sign-up for your own FREE Personalized E-mail at Mail.com
Win a ski trip!
_______________________________________________ Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-sigs