[Snort-users] IIS cmd.exe and unicode
Daniel.Madden at ...3956...
Wed Oct 31 02:09:02 EST 2001
A little more reading...
The major differences in this are, along with the filenames to filter are:
* The attachment received has been changed to: Sample.exe
* The dropped .dll file is now: Httpodbc.dll/cool.dll
* The worm now copies itself to the \Windows\System folder as Csrss.exe instead of Mmc.exe
From: Bastian Ballmann [mailto:ballmann at ...3190...]
Sent: Wednesday, October 31, 2001 9:00 AM
To: Snort-users at lists.sourceforge.net
Subject: [Snort-users] IIS cmd.exe and unicode
-----BEGIN PGP SIGNED MESSAGE-----
Hi community!! =)
Does anyone know if nimba is still very active? Or if another worm is using
the IIS cmd.exe and unicode exploit to spread?
Cause last night Snort detected a very high amount of those attacks...
Thanx and greets
@ Computational Design
- ---:[ Keep the right to crypt!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
More information about the Snort-users