[Snort-users] Nimda infections..
frankieh at ...2806...
Thu Sep 20 00:04:02 EDT 2001
I just thought I'd mention something,,
last night I posed a URL to an infected server to show people what it
The reason I only gave a token warning about it, was because in my case, the
file asked to be downloaded and where I wanted to save it.
It turns out that it does that because I have every MS updated loaded on
if you have a version of IE prior to 6 (or an unpatched earlier version),
and you go to a site thats infected by Nimda,, it will autodownload the .eml
file and you get infected..
I was unaware of this last night and figured everyone would be asked if they
wanted to download the file,,, to which you could cancel...
More information about the Snort-users