[Snort-users] hmm...nimda RICHED20.DLL alarms
Roberto Suarez Soto
robe at ...3881...
Tue Jan 22 00:40:05 EST 2002
On Jan/22, fluid wrote:
> i am getting some of these every day from work (seemingly when users are
> running Office applications). It is the same set of machines every
> day...always attacking the same destination server. scans of the server are
> picking up nothing with any antivirus package i find, and the same is true
> of the workstations.
I've seen these too. They seem to appear in inofensive and
well-checked networks. I've seen a few nimda .nws and nimda .eml alerts too,
from the same hosts that the RICHED20.DLL came; they all have been checked for
virus, and none was found.
So, if someone knows something about this, I'm pretty much interested
Roberto Suarez Soto Alfa21 Outsourcing
robe at ...3881... http://www.alfa21.com
More information about the Snort-users