[Snort-users] hmm...nimda RICHED20.DLL alarms

Guillaume guillaume at ...4029...
Tue Jan 22 01:32:04 EST 2002

Dans son précédent message Roberto Suarez Soto écrivait :
> On Jan/22, fluid wrote:
>> i am getting some of these every day from work (seemingly when
>> users are running Office applications). It is the same set of
>> machines every day...always attacking the same destination
>> server. scans of the server are picking up nothing with any
>> antivirus package i find, and the same is true of the
>> workstations.
> 	I've seen these too. They seem to appear in inofensive and
> well-checked networks. I've seen a few nimda .nws and nimda .eml
> alerts too, from the same hosts that the RICHED20.DLL came; they
> all have been checked for virus, and none was found.
> 	So, if someone knows something about this, I'm pretty much
> 	interested too :-)


RICHED20.DLL is a file that comes with "standard" microsoft products
for windows 95/98 platforms like Office/Access.

More information about the Snort-users mailing list