Nimda_propagation
Results 1 to 6 of 6

Thread: Nimda_propagation

  1. #1
    Junior Member
    Join Date
    Mar 2003
    Posts
    1

    Question Nimda_propagation

    Hello,

    I'm constantly being attacked by an IP based in Amsterdam and my firewall keeps blocking it and telling me it was a Nimda_propagation attack.
    Does anyone know anything about it? I've search for it online, but theres not a lot of info on the subject.

    Thanks for your help!!

    sorry i think i posted his in the wrong place
    CJcool

  2. #2
    Senior Member
    Join Date
    Apr 2002
    Posts
    1,050
    Nimda was (is) a worm that is still spreading around the net http://www.symantec.com/avcenter/ven...imda.a@mm.html
    maybe contact the admin of the IP and tell them that they could be infected with a strain of the Nimda worm if your firewall is blocking it you shouldnt have anything to worry about
    By the sacred **** of the sacred psychedelic tibetan yeti ....We\'ll smoke the chinese out
    The 20th century pharoes have the slaves demanding work
    http://muaythaiscotland.com/

  3. #3
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    Posts
    830
    This ties in with a different thread I started:

    Broadband & ISP Security

    One of the attack vectors of Nimda relies on unpatched IIS systems. In some versions of Windows IIS installs by default so users may not even be aware that its running. Whether they are aware they have IIS or not, many home users don't patch their systems. As they move to broadband and leave their computers on the Internet 24/7 they are sitting ducks.

    It would help to contact the ISP and alert them and hopefully they will do something. I have found that whether things are dealt with at all and how efficiently they are dealt with varies widely from ISP to ISP. It can become an exhausting exercise in futility to try and follow up on every Nimda-infected IP that hits your system.

  4. #4
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Originally posted here by tonybradley
    It would help to contact the ISP and alert them and hopefully they will do something. I have found that whether things are dealt with at all and how efficiently they are dealt with varies widely from ISP to ISP. It can become an exhausting exercise in futility to try and follow up on every Nimda-infected IP that hits your system.
    I agree. But it doesn't hurt to try. I send out about 20-25 abuse emails a day about these kinds of infections. Some reply, some dont, some get killed ;-)

  5. #5
    evan when you clean nimba i find it leave files in your system there are to types .eml and .nws do a*find just in case you have those files in your sytem.if yodo delete them

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    your fire walls blocking them...dont worry about it. If you feel like trying to inform those infected thats fine but we all get this.

    one thing though if you decide to vist their web-site to see how to contact them make sure you have scripting turned off. you can get infected from a java script on their web page even if you dont have iis installed.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •