RE: RE: Re: New Virus -NIMBDA

From: Andy Levy (andylevy@yahoo.com)
Date: Wed Sep 19 2001 - 00:18:09 EDT


We were totally clean on Code Red, so when I saw the article on /. this
morning about the new one, I said "bah, we got through CR OK, we'll be fine
this time too."

No one saw this coming. Even MSNBC got hit and started infecting unknowing
visitors through that "push .eml as a .wav" trick.

I really should get to bed. I got released at 10 PM as they knew people
would have to be fresh in the morning, and I'm on the 7 AM crew for this
incident. Happy happy, joy joy.

Ronald Wong wrote:

> Man that sucks. That's what happened to us with the "Code Red" one. We
> got blind-sided.
>
> Ron
> 00 PB SLT QC 4X2 5.9 46RE 3.92 LSD
> For modifications see my DML Profile (URL follows)
> http://www.twistedbits.net/WWWProfile/dakota/Kw9pV1EkFeOYY
>
>
> -----Original Message-----
> From: owner-dakota-truck@BUFFNET.NET
> [mailto:owner-dakota-truck@BUFFNET.NET]On Behalf Of Andy Levy
> Sent: Tuesday, September 18, 2001 8:48 PM
> To: dakota-truck-moderator@bent.twistedbits.net
> Subject: RE: DML: RE: Re: New Virus -NIMBDA
>
>
> We shut our links down too. But too late - it was one of our "reaction"
> steps after learning we got slammed by it.
>
> This thing attempts to exploit SIXTEEN vulnerabilities in various software
> that could be installed on an NT/2000 box, including stuff related to the
> Code Red worms. As I speak, some of my co-workers are rebuilding 13
> servers. I led a crew checking over 60 desktops in the span of about 2
> hours. Fortunately, all those checked out clean.
>
> I don't think we know how we got hit just yet. We have so many people
> getting into our network from remote (other companies we've acquired,
> field agents, etc.) we may never really know.
>
> Ronald Wong wrote:
>
>> I agree, Andy. There are various versions. I believe that this is some
>> sort of derivative of the "Code Red" virus and there are versions that
>> are server specific and others, such as I mentioned that are MS Outlook
>> specific. My warning is a heads-up to all out there that get
>> lackadaisical about these things. One hopes, after all the events of
>> the past week, that people will be on their guard about any and all
>> types of security issues, though this virus has nothing to do with
>> those events. Our company shut down all links to the Internet this
>> afternoon to prepare for this thing.
>>
>> Ron
>> 00 PB SLT QC 4X2 5.9 46RE 3.92 LSD
>> For modifications see my DML Profile (URL follows)
>> http://www.twistedbits.net/WWWProfile/dakota/Kw9pV1EkFeOYY
>>
>>
>> -----Original Message-----
>> From: owner-dakota-truck@BUFFNET.NET
>> [mailto:owner-dakota-truck@BUFFNET.NET]On Behalf Of Andy Levy
>> Sent: Tuesday, September 18, 2001 8:16 PM
>> To: dakota-truck-moderator@bent.twistedbits.net
>> Subject: Re: DML: RE: Re: New Virus -NIMBDA
>>
>>
>> It doesn't even need Outlook (Express) on some systems. There is no
>> silver-bullet "shut this thing off" cure for this one.
>>
>> Ronald Wong wrote:
>>
>>> Both. Make sure you set security on high.
>>>
>>> Ron
>>> 00 PB SLT QC 4X2 5.9 46RE 3.92 LSD
>>> For modifications see my DML Profile (URL follows)
>>> http://www.twistedbits.net/WWWProfile/dakota/Kw9pV1EkFeOYY
>>>
>>>
>>> -----Original Message-----
>>> From: owner-dakota-truck@BUFFNET.NET
>>> [mailto:owner-dakota-truck@BUFFNET.NET]On Behalf Of KBSHADOW
>>> Sent: Tuesday, September 18, 2001 7:02 PM
>>> To: dakota-truck-moderator@bent.twistedbits.net
>>> Subject: DML: Re: New Virus -NIMBDA
>>>
>>>
>>> Ronald
>>>
>>> Will it infect Outlook Express also, or just Outlook?
>>>
>>> Thanks
>>> Bob
>>> Stockton Ca
>>>
>>>
>>> ""Ronald Wong"" <ron-wong@home.com> wrote in message
>>>
>>>
>>>
>>>
>>
>> --
>> -andy
>> andylevy@yahoo.com
>> Maintainer, DML FAQ - http://www.dakota-truck.net/faq/
>> http://home.twcny.rr.com/andylevy/dakota/
>> '99 CC 4x4 318 auto
>>
>>
>
> --
> -andy
> andylevy@yahoo.com
> Maintainer, DML FAQ - http://www.dakota-truck.net/faq/
> http://home.twcny.rr.com/andylevy/dakota/
> '99 CC 4x4 318 auto
>
>

-- 
-andy
andylevy@yahoo.com
Maintainer, DML FAQ - http://www.dakota-truck.net/faq/
http://home.twcny.rr.com/andylevy/dakota/
'99 CC 4x4 318 auto



This archive was generated by hypermail 2b29 : Fri Jun 20 2003 - 12:02:51 EDT