[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[connect24h:04703] Re: Nimda signature

To: connect24h@xxxxxxxxxxxxxxxxxxxx
Subject: [connect24h:04703] Re: Nimda signature
From: Hiroshi Tsukamoto <hirobo-24@xxxxxxx>
Date: Wed, 19 Sep 2001 22:45:58 +0900

$BDMK\$G$9(B
(B
(BKoga Youichirou <y-koga@xxxxxxxxxxxxxxxx> wrote:
(B
(B> $B%a!<%k$K$D$$$F$O!"0J2<$,J8;zNs8GDjItJ,$@$H;W$$$^$9!#(B
(B> 
(B> <HTML><HEAD></HEAD><BODY bgColor=3D#ffffff>
(B
$B$3$l$H(B
(B
(B> 	name="readme.exe"
(B
$B$3$l$0$i$$$G$9$+$M!#(B
(B
(B> $B$"$H!"(Breadme.exe $B$r(B strings $B$7$F$_$?$i!"(B
(B
$B$3$C$A$O(B
(B
(B> GET %s HTTP/1.0
(B> Host: www
(B> Connnection: close
(B
$B$3$s$J%9%Z%k%_%9(B(n$B$,$R$H$DB?$$(B)$B$r$9$k$d$D$OB>$K$$$=$&$b(B
$B$J$$$N$G!"(B
(B
(B> HTTP $B$G$N967b$K$D$$$F$O!"(BHost: www $B$H(B Connection: close $B$H$"$o$;$k(B
(B> $B$H(B Nimda $B$r0z$C$+$1$k$3$H$,$G$-$k$+$b$7$l$^$;$s!#(B
(B
$B$*$C$7$c$k$h$&$K(B
(Balert tcp any any -> $HTTP_SERVERS 80 (msg: "Nimda Worm Defacement Prove"; flags:PA+; content: "Host\: www|0D0A|Connnection\: close"; depth:128;)
(B
$B$3$s$J46$8$G$$$1$=$&$G$9!#(B
(B
(B-- 
$BDMK\(B  $B90(B
(Bhirobo-24@xxxxxxx
(B
(B------------------------------------------------------------------------
$B!!!!!!!!!!!!!!!!(B $B%K%e!<%9B.Js!*!!$O%$%s%U%)%7!<%/$G!*!*(B
$B!!!!!!!!(B http://www.infoseek.co.jp/Home?pg=Home.html&svx=971122

References:
- [connect24h:04676] Re: $BITE,@Z$J(B MIME $B%X%C%@!<$,!&!&(B (Re:CodeRed $BN,(B )
  - From: Hiroshi Tsukamoto
- [connect24h:04698] Nimda signature
  - From: Koga Youichirou

Prev by Date: [connect24h:04702] Re: CodeRed $B4X(B$B78$@$H;W$&$N$G$9$,(B
Next by Date: [connect24h:04704] Re: nimda
Previous by thread: [connect24h:04698] Nimda signature
Next by thread: [connect24h:04664] $BESCf$K%W%i(B$B%$%Y!<%H(B IP $B%5%V(B$B%M%C%H$,B8:_$9$k(B?
Index(es):
- Date
- Thread