[Snort-users] Nimda infections..

Franki frankieh at ...2806...
Thu Sep 20 00:04:02 EDT 2001


Hi all,

I just thought I'd mention something,,

last night I posed a URL to an infected server to show people what it
does...


The reason I only gave a token warning about it, was because in my case, the
file asked to be downloaded and where I wanted to save it.

It turns out that it does that because I have every MS updated loaded on
it..

if you have a version of IE prior to 6 (or an unpatched earlier version),
and you go to a site thats infected by Nimda,, it will autodownload the .eml
file and you get infected..


I was unaware of this last night and figured everyone would be asked if they
wanted to download the file,,, to which you could cancel...


My apologies..


rgds

Frank





More information about the Snort-users mailing list