Jay Woody wrote:
I am not trying to be weird here, but all any scanner can do is check to see if the
known things about the virus are true. I want to know if a backdoor is there. I
don't care if it was Nimda or CDII that put it there or even if it was something else.
Yeah, you're getting
What I tried to say is this:
Tell me what vulnerabilities you've found. Tell me about all that you can
identify with a given tool. (It may not be all possible things, but whatever
you decide on, you should be able to report).
Don't tell me what it might be unless you can rule out false
Nimba Scanner
A new version of Nimda Scanner has just been posted to the eEye web site
that will also detect open shares on systems which is a common trait of
an infection.
http://www.eeye.com/html/Research/Tools/nimda.html
Signed,
eEye Digital Security
T.949.349.9062
F.949.349.9538
]
Subject: New Version of Retina Nimba Scanner
A new version of Nimda Scanner has just been posted to the eEye web site
that will also detect open shares on systems which is a common trait of
an infection.
http://www.eeye.com/html/Research/Tools/nimda.html
Signed,
eEye Digital Security
T
snip
Err, for example, the sadmind worm is well known enough to be
one of many hints for eEye to know that the mere existence of
a cmd.exe backdoor is not proof for CodeRed. It is suspicious,
obviously, but if there is no way to conclusively identify a CR2
infection, no scanners should
I am not trying to be weird here, but all any scanner can do is check to see if the
known things about the virus are true. I want to know if a backdoor is there. I
don't care if it was Nimda or CDII that put it there or even if it was something else.
First, these worms change all the time,
] !
+-+
Date: Thu, 20 Sep 2001 17:31:06 -0700
From: info [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: New Version of Retina Nimba Scanner
A new version of Nimda Scanner has just been posted to the eEye web
site that will also detect open shares on systems which
This is no different than eEye's CodeRed scanner which didn't give you a
trustworthy indication whether CodeRedII was actually present. It would
recognize the cmd.exe backdoor and whine about CR2 being present, which wasn't
neccessarily true at all (various other exploits created the same
] !
+-+
Date: Thu, 20 Sep 2001 17:31:06 -0700
From: info [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: New Version of Retina Nimba Scanner
A new version of Nimda Scanner has just been posted to the eEye web site
that will also detect open shares on systems which is a common trait
This scanner reports many boxes that aren't infected as infected. Terribly
deceiving.
At 05:31 PM 9/20/2001 -0700, info wrote:
A new version of Nimda Scanner has just been posted to the eEye web site
that will also detect open shares on systems which is a common trait of an
infection.
PROTECTED]
Subject: New Version of Retina Nimba Scanner
A new version of Nimda Scanner has just been posted to the eEye web site
that will also detect open shares on systems which is a common trait of an
infection.
http://www.eeye.com/html/Research/Tools/nimda.html
Signed,
eEye Digital Security
T
+-+
! John Stauffacher!
! Network Administrator !
! Chapman University !
! [EMAIL PROTECTED] !
+-+
Date: Thu, 20 Sep 2001 17:31:06 -0700
From: info [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: New Version of Retina Nimba
University !
! [EMAIL PROTECTED] !
+-+
Date: Thu, 20 Sep 2001 17:31:06 -0700
From: info [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: New Version of Retina Nimba Scanner
A new version of Nimda Scanner has just been posted to the eEye web site
13 matches
Mail list logo
