Thread: Nimda_propagation

  1. #1
    Junior Member
    Join Date
    Mar 2003
    Posts
    1

    Question Nimda_propagation

    Hello,

    I'm constantly being attacked by an IP based in Amsterdam and my firewall keeps blocking it and telling me it was a Nimda_propagation attack.
    Does anyone know anything about it? I've searched for it online, but there's not a lot of info on the subject.

    Thanks for your help!!

    Sorry, I think I posted this in the wrong place.
    CJcool

  2. #2
    Senior Member
    Join Date
    Apr 2002
    Posts
    1,050
    Nimda was (is) a worm that is still spreading around the net: http://www.symantec.com/avcenter/ven...imda.a@mm.html
    Maybe contact the admin of the IP and tell them that they could be infected with a strain of the Nimda worm. If your firewall is blocking it, you shouldn't have anything to worry about.

  3. #3
    AO Security for Non-Geeks tonybradley
    Join Date
    Aug 2002
    Posts
    830
    This ties in with a different thread I started:

    Broadband & ISP Security

    One of the attack vectors of Nimda relies on unpatched IIS systems. In some versions of Windows, IIS installs by default, so users may not even be aware that it's running. Whether they are aware they have IIS or not, many home users don't patch their systems. As they move to broadband and leave their computers on the Internet 24/7, they are sitting ducks.

    It would help to contact the ISP and alert them and hopefully they will do something. I have found that whether things are dealt with at all and how efficiently they are dealt with varies widely from ISP to ISP. It can become an exhausting exercise in futility to try and follow up on every Nimda-infected IP that hits your system.

  4. #4
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Originally posted here by tonybradley
    It would help to contact the ISP and alert them and hopefully they will do something. I have found that whether things are dealt with at all and how efficiently they are dealt with varies widely from ISP to ISP. It can become an exhausting exercise in futility to try and follow up on every Nimda-infected IP that hits your system.
    I agree. But it doesn't hurt to try. I send out about 20-25 abuse emails a day about these kinds of infections. Some reply, some don't, some get killed ;-)

  5. #5
    Even when you clean Nimda, I find it leaves files in your system. There are two types, .eml and .nws. Do a find just in case you have those files in your system. If you do, delete them.
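
The file search suggested in post #5, as an added example that is not part of the original thread: it lists `.eml` and `.nws` files under a directory and groups them by content hash so they can be reviewed before anything is deleted. It assumes that leftover worm copies are byte-identical to each other while legitimately saved mail and news items are not; the function names are illustrative, and nothing is deleted.

```python
import hashlib
import os
from collections import defaultdict

SUSPECT_EXTENSIONS = (".eml", ".nws")  # the two file types named in post #5

def find_suspect_files(root):
    """Yield paths under root whose extension is .eml or .nws (any case)."""
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if name.lower().endswith(SUSPECT_EXTENSIONS):
                yield os.path.join(dirpath, name)

def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def cluster_by_content(root):
    """Map content hash -> sorted list of paths; unreadable files are skipped."""
    clusters = defaultdict(list)
    for path in find_suspect_files(root):
        try:
            clusters[sha256_of(path)].append(path)
        except OSError:
            continue
    return {digest: sorted(paths) for digest, paths in clusters.items()}

def review_list(root, min_copies=2):
    """Return (hash, paths) for content seen min_copies times or more.

    Assumption: repeated identical copies deserve review first. Files that
    appear only once are left out of this list, not declared clean.
    """
    clusters = cluster_by_content(root)
    repeated = [(d, p) for d, p in clusters.items() if len(p) >= min_copies]
    return sorted(repeated, key=lambda item: (-len(item[1]), item[0]))

if __name__ == "__main__":
    import sys
    for digest, paths in review_list(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{len(paths)} identical copies, sha256 {digest[:16]}...")
        for path in paths:
            print("   ", path)
```

Run it with the directory to check as the only argument; with no argument it scans the current directory.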

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    Your firewall's blocking them... don't worry about it. If you feel like trying to inform those infected, that's fine, but we all get this.

    One thing though: if you decide to visit their website to see how to contact them, make sure you have scripting turned off. You can get infected from a JavaScript on their web page even if you don't have IIS installed.