HP3000-L Archives

September 2001, Week 3

HP3000-L@RAVEN.UTC.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: W32/Nimda worm
From:
Stan Sieler <[log in to unmask]>
Reply To:
Stan Sieler <[log in to unmask]>
Date:
Fri, 21 Sep 2001 16:12:42 -0700
Content-Type:
text/plain
Parts/Attachments:
text/plain (18 lines) 
Re:
> Many of you are well aware of the "W32/Nimda worm" or the "Concept Virus (CV) v.5." If not, I strongly suggest :http://www.cert.org/advisories/CA-2001-26.html
>
> I have written a simple freeware program to string search and summarize the server logs, in this case for the virus footprint (root.exe & cmd.exe). This can be useful for identifying internal and external infected systems. Even if you are not using Apache on the HP3000, you can upload other
server logs to the HP3000, and use this program to scan those logs.

Our free CHECKWWW program will also report the number of CodeRed and
NIMDA probes.

http://www.allegro.com/software/hp3000/allegro.html


Stan Sieler                                           [log in to unmask]
www.allegro.com/sieler/wanted/index.html          www.allegro.com/sieler

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2