 | View Full Version : NIMDA virus worst than Code Red NewonNet 09-19-2001, 04:59 AM A bad worm I think just got it self started tonight. is a line of the access log entry. ..%2f../winnt/system32/cmd.exe Effect windowz system. Lots of hits in the last couple of hours. creepcolony 09-19-2001, 11:11 AM what does this virus do? Alareach 09-19-2001, 11:17 AM makes things really slooooowwww I know that! more info: http://news.excite.com/news/ap/tech/internet-attack http://wired.com/news/technology/0,1282,46944,00.html AH Dexter 09-19-2001, 11:26 AM yup she's a wicked little sucker... http://www.sarc.com/avcenter/venc/data/w32.nimda.a@mm.html uses both codered and sircam techniques for spreading.... allera 09-19-2001, 01:37 PM It started on Tuesday (9/18) at 9am EST I hear. We got hit at 9:14am (that's the earliest I could find). One of our servers has been hit over 140,000 times so far: # more error_log |grep -c exe 142687 This server has almost no content on it yet and 15kbit/s of data is flowing out of it (404 error pages I would assume). Pretty wacky. Poor IIS admins -- the chose the wrong platform. :) purplemokey 09-21-2001, 04:02 AM i have a shared unix account with a webhost so why is my site down? if it's cuz the windows machines are overwhelming my servers with requests then what can i do about it??? macfan 09-21-2001, 04:31 AM Glad to be a Macfan! :D MCHost-Marc 09-21-2001, 04:52 AM Originally posted by allera This server has almost no content on it yet and 15kbit/s of data is flowing out of it (404 error pages I would assume). Block the requests. :) |