[Snort-users] Nimda infections..

Franki frankieh at ...2806...
Thu Sep 20 00:04:02 EDT 2001

Hi all,

I just thought I'd mention something,,

last night I posed a URL to an infected server to show people what it

The reason I only gave a token warning about it, was because in my case, the
file asked to be downloaded and where I wanted to save it.

It turns out that it does that because I have every MS updated loaded on

if you have a version of IE prior to 6 (or an unpatched earlier version),
and you go to a site thats infected by Nimda,, it will autodownload the .eml
file and you get infected..

I was unaware of this last night and figured everyone would be asked if they
wanted to download the file,,, to which you could cancel...

My apologies..



More information about the Snort-users mailing list