> > Coincidence. Nessus does not infect hosts. The only "virus" it would > send is the EICAR test string, sent to the SMTP server, and which is not > really a virus, only a string designed to make the alarms of the > antivirus beep like crazy.
and, I will second that. If you are vulnerable (like nessus said) you disconnect from network and fix. These worms hit a typical network at the rate of 1800 per day, so.. if you have a system vulnerable, and its connected to the net, its not unreasonable to believe that it was infected with code red.. just like nessus said, and not unreasonable that code red 'announced' that you are vulnerable (by scanning millions of your neighbors, some of them are hackers..) The nessus plugins are all in plain text, and as you can see, mostly look at banners. -- Michael Scheidell SECNAP Network Security, LLC Sales: 866-SECNAPNET / (1-866-732-6276) Main: 561-368-9561 / www.secnap.net Looking for a career in Internet security? http://www.secnap.net/employment/
